Microsoft isn’t the only company re-issuing security patches this month. Intel plans to rerelease a critical security patch for its Centrino platform because of a memory-hogging bug.
The updated patch should be available on Intel’s website Friday, said Amy Martin, an Intel spokeswoman. At issue is a bug in the Proset wireless connection software that came with the update. This flaw causes Proset to consume more and more of the PC’s memory, ultimately bringing performance to a grinding halt.
When Intel released the patch earlier this month, it contained security fixes for flaws in some versions of the Pro/Wireless Network Connection drivers as well as the Proset software. The most serious of these bugs “could have been exploited by a remote attacker to execute malicious code,” Martins said. “The others would have just resulted in a denial of service.”
Since the current memory problem is with Proset, and not the drivers themselves, users who have installed the buggy update can simply uninstall Proset and use other software like the Windows network connection utility to hook up to wireless networks, Martin said.
Users can also download Intel’s software and then simply install the driver through the Windows Control Panel, according to Mikko Hypponen, chief research officer with F-Secure.
Hypponen installed the buggy update on his PC and found that it was using about 600MB of real and virtual memory on his system within three days.
So far, his company has seen no attacks against this vulnerability, Hypponen said.
Intel isn’t alone with patch problems this month.
Microsoft also re-issued a patch for its Internet Explorer browser Thursday, just days after security researchers said they’d found a critical security vulnerability that was introduced in the update.
Intel has already delivered its fix to PC makers, and while Intel’s software can be downloaded directly, the company warns that its generic drivers may be slightly different from the ones delivered by companies like Dell or Hewlett-Packard.
Intel’s drivers can be found here.
-Robert McMillan, IDG News Service (San Francisco Bureau)
Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.