> > Alarm Raised for Critical Broadcom Wi-Fi Driver Flaw > Sat Nov 11, 2006 > http://news.yahoo.com/s/zd/20061111/tc_zd/193827 > > " Computer security analysts are raising the alarm for a > critical vulnerability in the Broadcom wireless driver > embedded in PCs from HP, Dell, Gateway and eMachines.
--- There's a patch linked here: http://blogs.zdnet.com/Ou/?p=365#Update-Procedure UPDATED 11/13/2006 7:00PM -- Broadcom has informed me that HP issued a Windows certified driver to Windows Update in October for all HP and Compaq computers. HP users only need to go to Windows update under the hardware section and select the optional hardware driver update for their HP or Compaq-branded Broadcom wireless hardware. Venders like Dell, Gateway, Fujitsu, eMachines, and others have not issued updated drivers at this point but I have tested the Linksys drivers on my own laptop (which uses a Dell 1450 802.11 a/b/g miniPCI adapter) and the Linksys drivers work. The driver installation process is not straight forward since you are technically installing the wrong product drivers. But given the critical nature of this flaw, the Linksys branded driver can provide immediate protection until the correctly branded drivers are released. You can follow the step-by-step procedure below. According to Johnny Cache, this particular exploit is extremely reliable and results in "100% ownage" which means your computer belongs to the hacker if it's attacked using this exploit. Since the exploit has been rolled in to the Metasploit 3.0 framework which includes kernel-level shell code, the exploit can be performed with a moderate amount of hacking knowledge. This flaw is extremely dangerous because it exploits the kernel of the operating system which means it bypasses all conventional security measures like anti-virus, HIDS, firewalls, and user privileges. The attack range is limited to Wi-Fi range which is typically 100 to 200 feet but can be extended with high-powered antennas. [...snip...] Yes this is an UGLY solution but it's all we have at this point. Broadcom should have provided certified drivers to Microsoft for inclusion in Windows Update but they didn't. But even then, Microsoft device driver updates are never pushed out as automatic critical updates and we all know that if it isn't automatic and seamless it probably won't get done. This is something Microsoft needs to address with the PC industry in general because driver exploits are becoming very common(*) and very dangerous. (*) Surge of killer device drivers leave no OS safe >> http://blogs.zdnet.com/Ou/?p=347 --- -- ---------------------------------------- WIN-HOME Archives: http://PEACH.EASE.LSOFT.COM/archives/WIN-HOME.html Contact the List Owner about anything: [EMAIL PROTECTED] Official Win-Home List Members Profiles Page http://www.besteffort.com/winhome/Profiles.html
