
Software Vulnerability Response

Protecting You and Your Design

From time to time, vulnerabilities that need immediate attention are discovered in communication protocols like TCP/IP, Bluetooth®, Wi-Fi® and other software implementations. Because these threats to your system are a primary concern for us, we keep a watch on these discoveries and provide fixes when necessary. We prioritize firmware updates to ensure threats are eliminated quickly, allowing you to keep your designs connected and protected.

Listed below are our responses to protocol and software implementation vulnerabilities that have been announced in the past. Click on a link to learn more about our response to the specific vulnerability.

| Name | Technology | Description |
| --- | --- | --- |
| KRACK | Wi-Fi | The WPA2 (Wi-Fi Protected Access II) protocol, a widely used Wi-Fi security mechanism, is vulnerable to a Key Reinstallation attack (KRACK). This vulnerability is in the standard definition and not in a specific implementation. |
| Kr00k | Wi-Fi | Microchip is not affected by this Wi-Fi encryption vulnerability. |
| BlueBorne Attack Vector | Bluetooth | BlueBorne is an attack vector that exploits security gaps in Bluetooth Classic connections and can be used to execute malicious code on affected devices. |
| Key Negotiation of Bluetooth (KNOB) | Bluetooth | Key Negotiation of Bluetooth, or KNOB, affects Bluetooth Classic devices (devices using BR/EDR connections). These connections are vulnerable to an attacker reducing the negotiated encryption key length to a single octet, allowing a brute-force attack to decrypt the data and inject data into a Bluetooth connection. |
| Sweyntooth | Bluetooth | This is a Bluetooth Low Energy (BLE) security vulnerability. A white paper detailing this vulnerability is available. |
| Bluetooth Impersonation Attacks (BIAS) | Bluetooth | This is a vulnerability found in the Bluetooth Core Specification that impacts Secure Connections in Bluetooth. LE Secure Connections, as part of the Bluetooth Low Energy Specification, is not affected. |
| Amnesia Network Stack (TCP/IP) Vulnerability | TCP/IP | This is a set of vulnerabilities in TCP/IP software. A white paper with more information about this vulnerability is available. |