A four-year-old critical Linux Wi-Fi Bug can allow attackers to fully compromise vulnerable machines. The vulnerability, assigned CVE-2019-17666, exists in the “rtlwifi” driver, which is a software component used to allow certain Realtek Wi-Fi modules to communicate with the Linux operating system. An attacker within the vulnerable system Wi-Fi range can trigger a buffer overflow at the “rtlwifi” driver to crash the target system or execute remote code, without the need for authentication. The vulnerability only affects Linux devices that use a Realtek chip when Wi-Fi is turned on. All versions of the Linux kernel after 5.3.6, released in 2013, are affected. A proposed fix is currently being developed and will be incorporated into the Linux kernel in the coming weeks.
References:Security Advisory: Active Directory Open to More NTLM Attacks
More Weekly Cyber Newsanalysis and insights
Enhancing your security posture, developing your cyber strategy, and designing your incident response plans.
Ensign Systems Integration
Architecting and implementing cybersecurity solutions that bolster defences
Ensign Managed Security Services
Managing your security operations for advanced threat detection, continuous monitoring, and triage services