Tag: Intel

Wat is het verschil tussen de Intel Wi-Fi 6 AX201 en Intel Wi-Fi 6 AX200 driver in Windows?

Intel Wi-Fi AX201 ondersteunt geen UNII-3 kanalen in Windows 10/11 met de laatste drivers

Zowel de Intel® Wi-Fi 6 AX200 als de Intel® Wi-Fi 6 AX201 ondersteunen 2x2 Wi-Fi 6-technologie, inclusief nieuwe functies zoals:
  • Uplink/Downlink OFDMA
  • 1024QAM
  • Data rates up to 2.4 Gbps

Het belangrijkste verschil tussen de twee is dat de Intel® Wi-Fi 6 AX201 een CRF-module is die de eigen Intel-interface gebruikt en dus alleen kan worden gebruikt met bepaalde Intel-chipsets en -platforms.

Tot zover de informatie die je vanuit Intel op de website kan lezen maar nu de praktijk: https://www.intel.com/content/www/us/en/support/articles/000054819/wireless.html

Intel AX201 ondersteunt geen UNII-3 kanalen in Windows 10 / Windows 11 met de laatste Intel Windows drivers 22.160.0.4 De Intel AX200 ondersteunt daarin tegen wel de UNII-3 kanalen in Windows 10/11

De UNII-3 kanalen zijn in Nederland vrijgegeven en kunnen zonder problemen gebruikt worden. Zie ook https://en.wikipedia.org/wiki/List_of_WLAN_channels#5GHz

Hierbij het bewijs dat de Intel AX201 geen ondersteuning heeft voor UNII-3 kanalen in Windows :

(getest met WLAN-PI profiler)

---------------------------------------------
 - Client MAC: 7c:70:db:xx:xx:xx
 - OUI manufacturer lookup: Unknown
 - Capture channel: 60
---------------------------------------------
802.11k              Supported           
802.11r              Not reported*       
802.11v              Supported           
802.11w              Supported           
802.11n              Supported (2ss)     
802.11ac             Supported (2ss), SU BF not supported, MU BF not supported
802.11ax_draft       Supported (Draft)   
Max_Power            15 dBm              
Min_Power            0 dBm               
Supported_Channels   36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,144

* Reported client capabilities are dependent on available features at time of client association.
** Reported channels do not factor local regulatory domain.

Intel Wi-Fi AX201 160 MHz

De volgende HP laptops zijn bij mij bekend dat ze gebruik maken van de Intel Wi-Fi AX201 chipset.

  • HP Probook 630 G8
  • HP Probook 630 G8 Notebook PC
  • HP Probook 640 G8
  • HP Probook 640 G8 Notebook PC
  • HP Probook 650 G8
  • HP Probook 650 G8 Notebook PC

Als je dezelfde Wi-Fi AX201 chipset in Ubuntu 22.04 zou testen met (bijvoorbeeld) WLAN-PI profiler dan ondersteunt Ubuntu wel alle kanalen !:

Volgens Intel WiFi 6 AX201 Test Report zou de AX201 hardware de UNII-3 kanalen wel moeten ondersteunen en dat klopt dus ook maar niet in Windows 10 of Windows 11….

Update Intel Wireless Adapters driver: 27 beveiligings problemen ontdekt

Er zijn 27 beveiligingsproblemen ontdekt in de Intel® PROSet/Wireless Wi-Fi drivers!

De volgende kwetsbaarheden zijn ontdekt:

CVEID:  CVE-2021-0162 : Improper input validation in software – may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access

CVEID:  CVE-2021-0163 : Improper Validation of Consistency within input in software – may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access

CVEID:  CVE-2021-0161 : Improper input validation in firmware – may allow a privileged user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0164 : Improper access control in firmware – may allow an unauthenticated user to potentially enable  escalation of privilege via local access

CVEID:  CVE-2021-0165 : Improper input validation in firmware – may allow an unauthenticated user to potentially enable denial of service via adjacent access

CVEID:  CVE-2021-0066 : Improper input validation in firmware – may allow an unauthenticated user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0166 : Exposure of Sensitive Information to an Unauthorized Actor in firmware – may allow a privileged user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0167 : Improper access control in software – may allow a privileged user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0169 : Uncontrolled Search Path Element in software – may allow a privileged user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0168 : Improper input validation in firmware – may allow a privileged user to potentially enable escalation of privilege via local access

CVEID:  CVE-2021-0170 : Exposure of Sensitive Information to an Unauthorized Actor in firmware – may allow an authenticated user to potentially enable information disclosure via local access.

CVEID:  CVE-2021-0171 : Improper access control in software – may allow an authenticated user to potentially enable information disclosure via local access

CVEID:  CVE-2021-0172 : Improper input validation in firmware – may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVEID:  CVE-2021-0173 : Improper Validation of Consistency within input in firmware – may allow a unauthenticated user to potentially enable denial of service via adjacent access

CVEID:  CVE-2021-0174 : Improper Use of Validation Framework in firmware – may allow a unauthenticated user to potentially enable denial of service via adjacent access.

CVEID:  CVE-2021-0175 : Improper Validation of Specified Index, Position, or Offset in Input in firmware – may allow an unauthenticated user to potentially enable denial of service via adjacent access

CVEID:  CVE-2021-0076 :  Improper Validation of Specified Index, Position, or Offset in Input in firmware – may allow a privileged user to potentially enable denial of service via local access.

CVEID:  CVE-2021-0176 : Improper input validation in firmware – may allow a privileged user to potentially enable denial of service via local access.

CVEID:  CVE-2021-0177 : Improper Validation of Consistency within input in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVEID:  CVE-2021-0178 : Improper input validation in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access

CVEID:  CVE-2021-0179 : Improper Use of Validation Framework in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access

CVEID:  CVE-2021-0183 :  Improper Validation of Specified Index, Position, or Offset in Input in software – may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVEID:  CVE-2021-0072 : Improper input validation in firmware – may allow a privileged user to potentially enable information disclosure via local access

CVEID: CVE-2021-33110 : Improper input validation –  may allow an unauthenticated user to potentially enable denial of service via adjacent access.

CVEID:  CVE-2021-33113 : Improper input validation – may allow an unauthenticated user to potentially enable denial of service or information disclosure via adjacent access.

CVEID:  CVE-2021-33115 : Improper input validation – may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access

CVEID:  CVE-2021-33114 : Improper input validation – may allow an authenticated user to potentially enable denial of service via adjacent access

Getroffen producten:
Intel® PROSet/Wireless Wi-Fi-producten:

Intel® Wi-Fi 6E AX210
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
Intel® Wireless-AC 9560
Intel® Wireless-AC 9462
Intel® Wireless-AC 9461
Intel® Wireless-AC 9260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260
Intel® Dual Band Wireless-AC 3168
Intel® Wireless 7265 (Rev D) familie
Intel® Dual Band Wireless-AC 3165
Intel® AMT Wireless-producten:

Intel® Wi-Fi 6 AX210
Intel® Wi-Fi 6 AX201
Intel® Wi-Fi 6 AX200
Intel® Wireless-AC 9560
Intel® Wireless-AC 9260
Intel® Dual Band Wireless-AC 8265
Intel® Dual Band Wireless-AC 8260

Killer™ Wi-Fi-producten:

Killer™ Wi-Fi 6E AX1675
Killer™ Wi-Fi 6 AX1650
Killer™ Wireless-AC 1550

Aanbeveilingen:

Windows:

Intel raadt aan de Intel® PROSet/Wireless Wi-Fi-software bij te werken naar versie 22.80 of hoger.

https://www.intel.com/content/www/us/en/download/19351/windows-10-and-windows-11-wi-fi-drivers-for-intel-wireless-adapters.html

Intel raadt aan om de Killer™ Wi-Fi-software bij te werken naar versie 3.1021.733.0 of hoger.

https://www.intel.com/content/www/us/en/download/19779/intel-killer-performance-suite.html

bronnen :

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00539.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00581.html

https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00582.html

Original release: 02/08/2022

Advies gebruik van Intel Wireless Adapters, bepalen juiste drivers en protocollen.

Lezers,

Op 16 oktober publiceerden Mathy Vanhoef en Frank Piessens van de Universiteit van Leuven een document waarin een reeks kwetsbaarheden wordt beschreven die de Wi-Fi Protected Access (WPA) en de Wi-Fi Protected Access II (WPA2) protocollen beïnvloeden.

Dit zijn kwetsbaarheden op protocolniveau van draadloze leveranciers en draadloze clients(adapters) die de huidige WPA- en WPA2-specificaties volgen. Deze kwetsbaarheden werden ook aangeduid als “KRACK” (Key Reinstallation AttaCK) en de details werden gepubliceerd op: https://www.krackattacks.com

De meeste wlan client adapters moeten worden geupdate om de ‘supplicant‘ te voorzien van een beveiligings update: Er zijn 10 beveiligingslekken ontdekt waarvan Intel er inmiddels twee heeft geidentificeerd en gerepareerd. De overige lekken moeten in het Operating Systeem(bv Windows) en/of door de draadloze leveranciers gerepareerd worden:

 

 

 

Intel adapter-driver fix : CVE-2017-13081 &  CVE-2017-13080

Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols – integrity group key reinstallation during the group key handshake vulnerability : CVE ID: CVE-2017-13081

A vulnerability in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used integrity group key.

The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.

Wi-Fi Protected Access (WPA) and Wi-Fi Protected Access II (WPA2) protocols – group key reinstallation during the group key handshake vulnerability : CVE ID: CVE-2017-13080

A vulnerability in the processing of the 802.11i group key handshake messages of the WPA and WPA2 protocols could allow an unauthenticated, adjacent attacker to force a supplicant to reinstall a previously used group key. 

The vulnerability is due to ambiguities in the processing of associated protocol messages. An attacker could exploit this vulnerability by establishing a man-in-the-middle position between supplicant and authenticator and retransmitting previously used message exchanges between supplicant and authenticator.

Intel heeft voor de volgende Intel Wlan-adapters een update uitgebracht:

  • Intel® Dual Band Wireless-AC 3160
  • Intel® Dual Band Wireless-AC 3165
  • Intel® Dual Band Wireless-AC 3168
  • Intel® Dual Band Wireless-AC 7260
  • Intel® Dual Band Wireless-AC 7265
  • Intel® Dual Band Wireless-AC 8260/8265/9260

PROSet/Wireless Software and Driversversion 20.0.2 for Windows 7, Windows 8.1 and Windows 10:

  • WiFi_20.0.2_PROSet32_Win7.exe (32-bit)
  • WiFi_20.0.2_PROSet64_Win7.exe (64-bit)
  • WiFi_20.0.2_PROSet32_Win8.1.exe (32bit)
  • WiFi_20.0.2_PROSet64_Win8.1.exe (64bit)
  • WiFi_20.0.2_PROSet64_Win10.exe
  • WiFi_20.0.2_PROSet32_Win10.exe

Driver version = 19.10.9.2 for Windows 7 for 18265, 8265, 3168, 18260, 8260, 17265 and 3165.
Driver version = 18.33.9.3 for Windows 7 for 7265, 7260, and 3160

Intel® PROSet/Wireless Software and Drivers for Windows 7

Driver version = 19.10.9.2 for Windows 8.1 for 18265, 8265, 3168, 18260, 8260, 17265, and 3165.
Driver version = 18.33.9.3 for Windows 8.1 for 7265, 7260, and 3160.

Intel® PROSet/Wireless Software and Drivers for Windows 8.1

Driver version = 20.0.2.3 for Windows 10 for 18265, 8265, 18260, 8260.
Driver version = 19.51.7.2 for Windows 10 for 3168, 3165, and 17265.
Driver version = 18.33.9.3 for Windows 10 for 7265, 3160, and 7260.

Intel® PROSet/Wireless Software and Drivers for Windows® 10

Er is ook een ‘driver only’ version beschikbaar :

  • Windows 10 32-bit: WiFi_20.0.2_Driver32_Win10.zip
  • Windows 10 64-bit: WiFi_20.0.2_Driver64_Win10.zip
  • Windows 8.1 32-bit: WiFi_20.0.2_Driver32_Win8.1.zip
  • Windows 8.1 64-bit: WiFi_20.0.2_Driver64_Win8.1.zip
  • Windows 7 32-bit: WiFi_20.0.2_Driver32_Win7.zip
  • Windows 7 64-bit: WiFi_20.0.2_Driver64_Win7.zip

Intel® PROSet/Wireless Software and Drivers for IT Admins

 

Bron INTEL-SA-00101 : https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00101&languageid=en-fr 

Daarnaast is het belangrijk om te weten dat de volgende Intel Wlan Adapters niet meer worden ondersteund. Hier komen dus ook geen beveiligingsupdates meer voor beschikbaar(!):

Product Name Effective Date
Intel® My WiFi Dashboard
August 14, 2017
Intel® Centrino® Advanced-N + WiMAX 6250
September 16, 2016
Intel® Centrino® Wireless-N + WiMAX6150
September 16, 2016
Intel® Centrino® Wireless-N 2200
September 16, 2016
Intel® Centrino® Advanced-N 6230
September 16, 2016
Intel® Centrino® Advanced-N 6200
September 16, 2016
Intel® Centrino® Wireless-N 130
September 16, 2016
Intel® Centrino® Wireless-N 100
September 16, 2016
Intel® Centrino® Wireless-N 1030
September 16, 2016
Intel® Centrino® Wireless-N 1000
September 16, 2016
Intel® WiFi Link 5300
June 1, 2016
Intel® WiFi Link 5100
June 1, 2016
Intel® WiMAX/WiFi Link 5350
June 1, 2016
Intel® WiMAX/WiFi Link 5150
June 1, 2016
Intel® Wireless WiFi Link 4965AGN
December 31, 2013
Intel® Pro/Wireless 3945ABG
December 31, 2013
Intel® Pro/Wireless 2915ABG
December 31, 2009
Intel® Pro/Wireless 2200BG
December 31, 2009

Bron Customer Support Options for Discontinued Intel® Wireless Products : https://www.intel.com/content/www/us/en/support/articles/000006507/network-and-i-o/wireless-networking.html

Windows® 10 ondersteunt industriële standaardprotocollen zoals 802.11r, 802.11k en 802.11v.(Apple ondersteunt ook deze standaarden)

Onderstaande tabel toont de Intel® Wireless Adapters en protocollen.

Product 802.11k 802.11v 802.11r
Intel® Tri-Band Wireless-AC 18265 Yes Yes Yes
Intel® Dual Band Wireless-AC 8265 Yes Yes Yes
Intel® Tri-Band Wireless-AC 18260 Yes Yes Yes
Intel® Tri-Band Wireless-AC 17265 Yes Yes Yes
Intel® Dual Band Wireless-AC 8260 Yes Yes Yes
Intel® Dual Band Wireless-AC 3168 Yes Yes Yes
Intel® Dual Band Wireless-AC 3165 Yes Yes Yes
Intel® Dual Band Wireless-AC 7265 Yes Yes Yes
Intel® Dual Band Wireless-N 7265 Yes Yes Yes
Intel® Wireless-N 7265 Yes Yes Yes
Intel® Dual Band Wireless-AC 3160 No No No
Intel® Dual Band Wireless-AC 7260 No No No
Intel® Dual Band Wireless-N 7260 No No No
Intel® Wireless-N 7260 No No No

Bron Windows® 10 and Supported Intel® Wireless Adapter Protocols : https://www.intel.com/content/www/us/en/support/articles/000021562/network-and-i-o/wireless-networking.html