COT Security Alert - November 16, 2006

From: Ritchey, Gail (COT)
Sent: Thursday, November 16, 2006 2:53 PM
To: COT Constitutional CIO Security Contacts; COT Cabinet CIO Security Contacts; COT Commonwealth Technology Council

Cc: COT Exchange Administrators; COT Security Alert Contacts; COT Security Contact COT-Support; COT Security Contact Pass; COT Security Contact Self-Support; COT Technical Contacts; SecurityContacts Group

Subject: COT Security Alert - Wireless Driver Vulnerability

Multiple vulnerabilities were found in certain wireless drivers and adapters. These vulnerabilities are currently being exploited. The affected components are embedded in computers, particularly laptops, including, but not limited to, those from HP, Dell, Gateway, eMachines and Macintosh. The Multi-State Information Sharing and Analysis Center (MS-ISAC) has ranked the risk to government entities as high.

Systems Affected:

  • Microsoft Windows XP Service Pack 1 and Service Pack 2
  • Broadcom Wireless Driver 3.50.21.10 
  • D-Link DWL-G132 wireless adapter 
  • Linux – All versions 
  • Macintosh – All versions

The vulnerable drivers are named “BCMWL5.SYS” (Broadcom) and “A5AGU.SYS” (D-Link). Exploit code has been made publicly available and, when tested, was verified to achieve remote code execution. The flaw is exploitable on vulnerable machines whether or not the machine is connected to a wireless network; it is apparently the wireless card's background scan for available wireless networks that triggers the flaw.
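One way to check a Windows host for the two driver files named above, as an added example that is not part of the original alert. It assumes the drivers are installed in the standard %SystemRoot%\System32\drivers directory and compares the Broadcom file version with the 3.50.21.10 listed under Systems Affected; the alert gives no version for the D-Link driver, so that file is only reported.

```powershell
# Added example: inventory the driver files named in this alert.
# Driver names and the Broadcom version come from the alert text.
# Assumption: drivers are in the standard Windows driver directory.
$driverDir = Join-Path $env:SystemRoot 'System32\drivers'

# ListedVersion is $null where the alert names a driver but no version.
$watchList = @(
    @{ File = 'BCMWL5.SYS'; Vendor = 'Broadcom'; ListedVersion = '3.50.21.10' },
    @{ File = 'A5AGU.SYS';  Vendor = 'D-Link';   ListedVersion = $null }
)

$results = foreach ($entry in $watchList) {
    $path = Join-Path $driverDir $entry.File
    $version = $null

    if (-not (Test-Path -LiteralPath $path)) {
        $status = 'Not present'
    }
    else {
        # Build the version from the numeric fields; the FileVersion
        # string can carry extra vendor text after the number.
        $info = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($path)
        $version = '{0}.{1}.{2}.{3}' -f $info.FileMajorPart, $info.FileMinorPart,
                                        $info.FileBuildPart, $info.FilePrivatePart

        if ($null -eq $entry.ListedVersion) {
            $status = 'Present; alert lists no version, check vendor for an updated driver'
        }
        elseif ($version -eq $entry.ListedVersion) {
            $status = 'Present; matches the version listed in the alert'
        }
        else {
            $status = 'Present; differs from the listed version, confirm with vendor'
        }
    }

    [pscustomobject]@{
        Driver  = $entry.File
        Vendor  = $entry.Vendor
        Version = $version
        Status  = $status
    }
}

$results | Format-Table -AutoSize -Wrap
```

A result of "differs from the listed version" is not a statement that the driver is fixed; the alert identifies only one Broadcom version, so the vendor's own guidance decides.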

Recommendations:

  • Immediately apply the latest hardware drivers for your particular vendor’s product when they become available and after appropriate testing. 
  • If possible, turn off the wireless cards when not in use, particularly in public spaces such as hotels, airports and other public Wi-Fi hotspots until patches are available and applied to your system.

For more information:

http://secunia.com/advisories/22831/  

NOTICE: COT is providing this information so that you are aware of the latest security threats, vulnerabilities, software patches, etc. You should consult with your network administrator or other technical resources to ensure that the appropriate actions for these alerts are followed. If you are a network administrator and need additional information, please call the Help Desk at 502.564.7576.

Commonwealth Office of Technology
Office of Infrastructure Services
Division of Security Services
101 Cold Harbor Drive
Frankfort, KY 40601
COTSecurityServices@ky.gov
http://technology.ky.gov/security/