MoKB Wireless Driver Bug – Critical to Windows Systems

the month of kernel bugs (mokb) released an advisory (mokb-11-11-2006) today on a wireless vulnerability in broadcom’s wireless driver.

zert, in cooperation with metasploit, the sans isc and indeed, securiteam, issued an advisory on the issue, explaining why it is critical, etc.:

the advisory was written by h d moore, gadi evron (me) and johannes ullrich.

worth a read, this is serious.


gadi evron,

  • Matthew Murphy

    It’s worth nothing that users of Windows Vista, Windows XP SP2, and Windows Server 2003 SP1 who are running those operating systems on 64-bit CPUs will be protected by default from this exploit. On those architectures, Windows enforces kernel-mode DEP, which prevents the Metasploit module from working. To be sure that you’re protected, be sure that your boot.ini does NOT contain “/NoExecute=AlwaysOff”.  I should also note that I’m not even sure if Windows Server 2003 has wireless client support. :-)