Problems with Intel wireless drivers
Three weeks ago Johannes wrote a diary (http://isc.sans.org/diary.php?storyid=1535) about vulnerabilities in Centrino device drivers for Windows and the PROSet management software.
Update: Intel is telling customers that a patch should be ready within 2 weeks (thanks Matthias).
Intel initially issued a big file (100MB) that you had to download, but at least it upgraded everything on your machine, if it needed upgrades.
After rebooting in the next few days I noticed that my machine is a bit slower then it was. A look at Task manager output, or excellent Process Explorer from Sysinternals showed that a process called S24EvMON.exe is using quite a bit of CPU, as you can see below.
That process gets started by the Intel(R) PROSet/Wireless Service, which is used to manage the wireless card.
After battling with this, and as I was going to a conference, I went to Dell's web site and noticed that they released their own version of drivers. Hoping that this will fix the problem, I downloaded another 90MB to find out that Dell's drivers have the same problem.
I initially thought that there is maybe something else on my machine causing this, but as news started spreading around, it looks that everyone with (at least) 2915ABG/2200BG wireless cards is affected. F-secure posted this in their weblog as well: http://www.f-secure.com/weblog/archives/archive-082006.html#00000954.
So, you might ask: what do we do now? I would recommend that you install the patches. If you don't use wireless normally you can stop the four services that Intel software needs (Intel(R) PROSet/Wireless Event Log, Intel(R) PROSet/Wireless Registry Service, Intel(R) PROSet/Wireless Service, Intel(R) PROSet/Wireless SSO Service). I put them on manual so they don't start automatically, but if I need to connect to a wireless network I can manually start them.
This way you at least won't be vulnerable, but your machine will be a bit slower due to bugs in these services.
Let's hope Intel will release a fixed version soon.
UPDATE:
The easiest way to start and stop these services (so you actually run them only when you really need them) is to create a batch file that will do this job for you (so you don't have to click manually on all 4 of them). You can use the sc start
Thanks to reader Paul for reminding us about this.
UPDATE 2:
Olli, Steve and Andrew wrote to tell us that they don't use Intel's utilities to manage their wireless card. Indeed, you can use the built-in Windows Wireless Zero Config service, in which case you only need to patch the driver for your wireless card, so you are not vulnerable. As the problem with CPU/memory leaks are in the management service, this is an effective workaround at least until the management service is fixed.
While the built-in configuration service works ok, I personally like Intel's utilities as they give you quite a bit more control over the wireless card and have pretty good monitoring programs (which sometimes come very handy, when you are troubleshooting problems with the wireless card).
Web App Penetration Testing and Ethical Hacking | Munich | Oct 14th - Oct 19th 2024 |
Comments