Dell - Broadcom Security Vulnerability
Dell Requests Customers Apply Urgent Fix for Dell Wireless Wi-Fi Cards to Address Security Vulnerability
A security vulnerability affecting some Dell customers was announced over the weekend. Dell was not previously aware of this issue. Since hearing of the issue, Dell has put all available resources on it to understand the scope of affected systems and to make available an updated software driver that fixes the problem.
In normal operation, wireless cards receive data packets identifying the presence of new wireless networks. Broadcom-based wireless cards, including select Dell Wireless cards offered on Latitude, Mobile Precision, Inspiron and XPS notebooks, are subject to a security vulnerability whereby a hacker may manipulate the data packets received by the notebook in such a way as to trigger an error condition. This error condition could result in the hacker having system-level privileges on the notebook.
In some cases this could allow the hacker to run any programs or access any files they wish on the targeted notebook.
The vulnerability affects any platform using one of the following internal or external Wi-Fi cards and running a software driver prior to version 220.127.116.11:
Truemobile 1300 Mini PCI Card
Truemobile 1400 Mini PCI Card
Truemobile 1300 PC Card
Dell Wireless 1350 Mini PCI Card
Dell Wireless 1450 Mini PCI Card
Dell Wireless 1350 PC Card
Dell Wireless 1370 Mini PCI Card
Dell Wireless 1470 Mini PCI Card
Dell Wireless 1390 Mini PCI Express (Mini-Card)
Dell Wireless 1490 Mini PCI Express (Mini-Card)
Dell Wireless 1390 ExpressCard
For customers that already pulled down the new driver (v18.104.22.168):
Broadcom initially supplied their OEM version of the driver to Dell for posting instead of the Dell version. Some customers may have pulled down this version. Dell has since (as of 12:30 PM CST on 11/16) replaced the web-posted OEM driver with the Dell version.
The only differences in the two versions are:
- Broadcom version: Displays “Broadcom” as the device name in device manager. Includes more “Advanced Properties” (visible if you right-click on the device and select “Properties”).
- Dell version: Displays “Dell Wireless” as the device name in device manager. Includes fewer advanced properties. Dell omitted those properties that offered little customer value.
- All other features and functionality are the same. Note that Dell has not tested those Advanced Properties that are not included in the Dell version of the driver.
Dell recommends customers use the Dell version of the driver. If the Broadcom OEM version has already been deployed, Dell recommends customers do not use any Advanced Properties not detailed in the Dell Client Utility HTML help files.
For Latitude D510/D520, 110L/120L, X1, D410/D420, D610/D620, D810/D820, Mobile Precision M20/M65/M70/M90:
Go to support.dell.com and download and install the most recent driver (version 22.214.171.124) for your notebook and wireless card. Be sure to get the US, Japan or ROW version of the driver as required.
For notebooks containing a Truemobile 1300 or Truemobile 1400 Mini PCI card:
Go to support.dell.com and go to the Network section of downloads for your notebook. Select Dell Wireless 1350 as the wireless card and download version 126.96.36.199. Be sure to get the US, Japan or ROW version of the driver as required.
For Latitude D505, 100L, X300, D400, D600, D800 and Mobile Precision M60:
We are pushing system test efforts forward on these models as quickly as possible to ensure the driver works as designed. As soon as we complete the testing, we will post the driver. Customers may wish to pull down driver 188.8.131.52 for the Dell Latitude D610 (it is the same driver version) and do their own testing in parallel. We don’t anticipate any adverse effects from this configuration, but we want to be as thorough as possible before we post the driver for customers.