Friday, September 05, 2008

Some Dell laptops have wireless vulnerability; fix offered by Dell


Dell has advised users of a potential vulnerability in its wireless network adapter cards. It may affect some but not all laptops.

Select Dell™ Wireless cards offered on Latitude™, Dell Precision™ Mobile, Inspiron™ and XPS™ laptops could have a security vulnerability that would let a hacker manipulate the data packets received by the laptop and trigger an error condition. This could allow a hacker to obtain privileges access any files on an affected laptop in some cases. Apparently the vulnerability could exist even when the user is not connected to a wireless network.

Earlier this week I got prompted to install Microsoft Service Pack 3 on an XP Pro Inspiron Laptop. In my first regular book, I got an “8021x” error from Dell. Wikipedia indicated that the error has to do with IEEE wireless connections. However, I reported the error through Microsoft and I immediately got a supplementary update from Microsoft. I installed, and the next book the error went away. I did not use a wireless connection and worked using a broadband cable connection instead. But theoretically, I could have been exposed. McAfee scans have not found any problems. I will look into this further soon, and report. The laptop machine is left turned off most of the time.

The Dell link is here. Dell will assign a Journal ID for each visit by a registered Dell customer. The advisory gives details as to how to download a security fix to the wireless handlers in the operating system from Dell.

This advisory was emailed today by Arlington County (VA)’s cyber-alert system, which also gets some advisories from CERT.

It would be interesting to see if Microsoft (XP and Vista) can somehow address this vulnerability separately with further security updates (without needing to go to Dell), with a generic fix that could prevent similar problems with any vendor. I would think this would be a very high priority.

No comments: