Microsoft Quietly Patched the Krack WPA2 Vulnerability Last Week

Laverne Mann
October 18, 2017

Researchers Mathy Vanhoef and Frank Piessens from Belgium's KU Leuven University claim to have discovered a weakness in a Wi-Fi security protocol called WPA2 that leaves password-protected WiFi connections open to cyber-attacks and manipulation. Vanhoef says if the network is using WPA2 encryption, it could be vulnerable to a breach using key reinstallation attacks, or KRACKS.

The hacker would have to be within Wi-Fi range to carry out any of those exploits. The report says such an attack would work "against all modern protected WiFi networks" on operating systems including Android, Linux, Apple, Windows, OpenBSD, MediaTek, Linksys, and more, the Guardian reports.

Banking details, logins and credit card details are all at risk of being stolen, while the content of emails, chat messages, documents and images are exposed.

Most companies will no doubt be releasing security patches to fix this issue ASAP, so keep a look out for any available updates. This fix was installed via a cumulative update that included over 25 other updates, but didn't provide any useful info until you visited the associated knowledge basic article.

According to the Wi-Fi Alliance, the issue can be resolved through software updates, and the software industry has already started providing patches to improve WPA2 encryption.

More news: Hillary Clinton says she was leader of a revolution for women's rights
More news: Bakayoko: I joined Chelsea because of Conte
More news: Top Republican senator: Trump is 'castrating' Secretary of State Rex Tillerson

Linux-based systems seem to be particularly vulnerable to this type of attack because they require comparatively little effort to exploit - a potentially disastrous problem, since most Internet of Things (IoT) devices are basically Linux systems on a chip.

2. Avoid using public Wi-Fi networks.


For users, the best they can do for the moment is to wait for the router manufacturers and ISPs to come up with an effective patch in the form of firmware updates to remedy the situation. Google says it'll do so in the coming weeks.

"It means in practice, attackers can decrypt a lot of Wi-Fi traffic, with varying levels of difficulty depending on your precise network setup".

This padlock will appear on all HTTPS sites. You also don't need to change your Wi-Fi passwords, since this security flaw doesn't allow hackers to access that information. "Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together", the statement said.

Other reports by MaliBehiribAe

Discuss This Article