Computer code that could let an attacker hijack Windows PCs via a Wi-Fi connection was published on the Internet over the weekend.

The code exploits a security vulnerability in a driver from chipmaker Broadcom. The software is used to run wireless networking hardware in Microsoft Windows-based computers sold by Hewlett-Packard, Dell, Gateway, eMachines and others, according to advisories sent out by various security groups and companies. Potentially, millions of systems could be affected.
…
“This is the first of this class of vulnerability to have public exploit availability at the time that the remote kernel vulnerability was reported,” Symantec said. People who own vulnerable PCs should disable the affected wireless devices until patches have been made available, it said.
…
“If you are near other users with laptops, you are at risk,” according to the ZERT alert. “(Microsoft) Windows is exploitable without the existence of an access point or any interaction from the user. The card’s background scan of available wireless networks triggers the flaw,” the alert read. An access point is another term for a wireless network base station.
…
Broadcom has released a patched driver to its hardware customers, which in turn should provide updates for their affected products, Heather Roberts, a Broadcom spokeswoman, said in an e-mailed statement. “We are in contact with our customers to help speed the deployment of drivers that fix this issue,” she said.
…
It appears very few of Broadcom’s customers so far have applied the update. Linksys, which sells products that ship with this driver, has released an updated driver, according to Symantec, which doesn’t list any other vendors on its list of available patches.

Computer users can check if they have the vulnerable driver by searching for it on their system. The driver filename is: BCMWL5.SYS. As a workaround, some people suggest installing the fixed Linksys drivers for protection. TechRepublic blogger George Ou has instructions on how to do that.