Intel sends out Centrino patches

Flaws in Centrino device drivers and ProSet management software compromise security of the wireless technology.

Dawn Kawamoto
Dawn Kawamoto Former Staff writer, CNET News
Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.
2 min read
Intel has issued patches for flaws in its Centrino device drivers and ProSet management software that affect the security of the wireless products.

Three flaws are addressed with the updates. One could allow an attacker to break into a PC via Wi-Fi or even create a worm that jumps from one wireless-enabled laptop to another, provided the computers are within each other's range. Another security hole makes the system vulnerable to attacks that let a malicious user gain additional privileges, according to security experts at Sans Internet Storm Center and F-Secure.

Intel's patches address vulnerabilities in its Intel PRO/Wireless 2200BG, 2915ABG, 2100 and 3945ABG Network Connection products, according to a security advisory from the chipmaker.

The vulnerability involving the Intel Centrino wireless driver could allow attackers within range of a Wi-Fi station to access a vulnerable laptop and execute arbitrary code on the target system, according to the Intel advisory.

F-Secure notes that the vulnerabilities involving the drivers are "pretty awful" and that the patch can be troublesome to download and install because of its size, 129MB.

"You have to manually install this patch, and it is unusually large," said Mikko Hypponen, chief research officer at security company F-Secure. "Most people, especially home users, may not know how to do it, since it is not that straightforward."

Intel offers a complete version of the software for the driver system, which means the download is relatively large, a representative for the chipmaker said.

Security experts note there are no known exploits publicly circulating that have been crafted to take advantage of these flaws.

Intel, meanwhile, provides a a link to help users identify vulnerable systems and advises them to install the patches.