A Microsoft Windows feature that allows PCs to automatically search for Wi-Fi connections could be exploited by...
The Wi-Fi feature in question is part of both Windows XP and 2000 and the flaw was reported at a hacker conference over the weekend.
Both MessageLabs and McAfee have confirmed the potential security hole.
The security opening is caused when a Windows PC boots up. The machine will then automatically try to connect to a wireless network.
If the machine can’t find a wireless connection it will establish an ad-hoc connection to a local address. This comes with an IP address and Windows matches this address with the ID of the last wireless network the PC connected to.
The process is designed to quickly allow a user to connect to a Wi-Fi network when one actually becomes available. But it also allows hackers to take advantage and potentially read files on the user’s machine.
The wireless ID of the last Wi-Fi network connected to will be broadcast and a wireless hacker could pick up the ID and try and directly link to the machine using a peer-to-peer connection.
As a result of the flaw, security experts have warned companies to make sure their staff use personal firewalls or are using Windows XP Service Pack 2, both of which prevents attacks.
Microsoft has so far not commented on the problem.