The vulnerability was detailed at the Shmoocon hackers conference in Washington DC by self-confessed hacker Mark Loveless, (aka Simple Nomad), a senior security researcher for Vernier Threat Labs.
Seemingly, the issue concerns the way in which the operating systems look for wireless networks during start-up. When a Windows 2000 or XP machine with Wi-Fi starts up, it immediately starts scanning for wireless networks, and if none is found it sets up an ad hoc link using the name of the last wireless network accessed.
If a hacker was aware of the last used network ID, for example knowing the name of a corporate Wi-Fi network address, it could be used to establish a direct local link with the Windows PC offering access to all local drives.
However, the problem only arises if the target machine is not running a firewall. One of the changes in Windows XP SP2 turns the built-in firewall on by default.
Downloads and Drivers
From the Forums
Subscribe to TechSpot
Get free exclusive content, learn about new features and breaking tech news.