Lenovo Security Advisory: LEN-14246
Potential Impact: Denial of service
Scope of Impact: Industry-Wide
CVE Identifier: CVE-2016-8104
A buffer overflow security vulnerability has been identified in the Intel® PROSet/Wireless Software and Drivers before version 19.20.3. This vulnerability allows a local user to crash iframewrk.exe causing a potential denial of service.
If this vulnerability puts you at an unacceptable level of risk and you want to mitigate before the Lenovo-certified driver is available for your product, you can visit the Intel security webpage (https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00065&languageid=en-fr) to download and install the reference driver. Please be aware that the reference driver has not been qualified by Lenovo. If you experience problems as a result of installing the driver from the Intel support site, please contact Intel directly. When the Lenovo-certified driver is available for download from the Lenovo Support site, Lenovo recommends that you uninstall the Intel reference driver, and upgrade to the Lenovo support site version.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update to the latest Intel PROSet/Wireless Software and Drivers for your system
Intel® PROSet/Wireless Software and Drivers before version 19.20.3.