The beginning of this week was not particularly good due to the severe vulnerabilities found in the ubiquitous Wi-Fi WPA2 protocol.
The vulnerability, called KRACK, affected almost all devices that used Wi-Fi either to connect with each other or to communicate with web servers. The vulnerability in the protocols meant that an attacker could intercept traffic that flowed between the user and access points.
Most companies are already patching the vulnerability on their devices. However, Microsoft already updated and fixed Windows devices to patch the vulnerability for good.
All Windows users with enabled auto updates will be protected from attacks, while others can manually update their version of Windows to get the patch, KRACK Researchers inform.
The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites.
Apparently, Microsoft already released the patch for the vulnerability on October 10 and bundled it in that week’s Patch Tuesday. All of this happened before the vulnerability was actually disclosed by researchers.
Microsoft explained how user security is of paramount importance and how they could not disclose it earlier since they were tied up with the vulnerability disclosure.
According to Krack, 40% of Android devices are affected by the vulnerability but Google will only be rolling out the patch for Pixel and Nexus phones next month.
Even iOS and macOS were affected, but we have yet to hear from Apple how it will combat the vulnerability.