Security Update Program for VAIO® Personal Computers

Clic ici pour la version Française (Click here for French version).


Dear Valued Sony Customer,

Sony has recently identified a software vulnerability involving a buffer overflow in the network connection software installed on certain VAIO personal computers. A security update for this issue has been released and Sony recommends that all customers who have Affected Models immediately install the update.

Affected Models

VAIO personal computers that have one of the following programs preinstalled.

  • VAIO PC Wireless LAN Wizard version 1.0
  • VAIO Wireless Wizard version 1.00, 1.00_64, 1.0.1, 2.0, or 3.0
  • SmartWi Connection Utility version 4.7, 4.7.4, 4.8, 4.9, 4.10, or 4.11
  • VAIO Easy Connect software version 1.0.0 or 1.1.0

Vulnerability

The vulnerability could potentially allow arbitrary code to run on the Affected Models when browsing a web-site made by a malicious attacker.

Note: There have been no reported instances of this vulnerability being exploited as of January 5, 2012.

Resolution

Sony has released a security update for the Affected Models that resolves this issue. Sony recommends that all customers who have Affected Models immediately install the latest version of the software by using VAIO Update.
Note: If you are using the default VAIO Update settings the update will be installed automatically.

The update program is also available for download from the Drivers & Software page of affected models. Look for one of the following downloads under Wireless:

  • VAIO Easy Connect Update (SOAOTH-00264236-1040.EXE - 20.06 MB)
  • Wireless Component Update (SOAOTH-00263500-1040.EXE - 3.68 MB)

Note: If neither of these downloads are listed then your computer is not affected by this issue.

Acknowledgments

Sony would like to thank *High-Tech Bridge SA Security Research Lab for professional and responsible disclosure of the vulnerability and work with Sony to help protect our customers.
*By clicking this link, you will be directed to High-Tech Bridge SA Security Research Lab's website, a 3rd party site not affiliated with Sony. Sony is not responsible for the security or other practices of such third party web site.