Network Computing is part of the Informa Tech Division of Informa PLC
Critical Wireless Flaw Leaves Windows Users Open To Attack
A critical vulnerability in a wireless driver used in PCs sold by Dell, Gateway, Hewlett-Packard, and others will be tough to patch, a security researcher said Monday, even though exploit code has already been published and attacks are possible.
The vulnerability in the Broadcom wireless driver went public Saturday as part of the "Month of Kernel Bugs" project; the same day, an exploit was added to the Metasploit Framework, a penetration testing tool. Although the researcher who discovered the flaw had earlier reported it to Broadcom, patches may be slow in coming since each computer and third-party wireless card maker tweaks the generic Broadcom code for its own hardware.
"Broadcom supplied a general fix to the general chip vulnerability," said Dean Turner, a senior manager with Symantec's security response team, "but it's very difficult for Broadcom to issue a single patch. Each [computer maker] must create its own patch."
The driver vulnerability and subsequent exploit lets attackers hijack a laptop actively seeking or using a wireless connection, such as when the user is in a public hot spot at an airport or caf.
An alert posted by the all-volunteer ZERT (Zero Day Emergency Response Team) -- best known as the creator of third-party patches for Windows -- spelled out the trouble. "If you are near other users with laptops, you are at risk. If you are using your computer with the wireless card enabled in any public place, you are at risk. Windows is exploitable without the existence of an Access Point or any interaction from the user."
Recommended For You
Network slicing could be the answer to 5G rollout – but it's not easy to implement. Automation provides a way forward.
Wi-Fi 7 products, due out in 2024, will offer significantly more performance for enterprise users and can support more users in denser environments compared to Wi-Fi 6.
6G will leverage many different bands and tools to meet the ever-growing demands and expectations for cellular communications.