Earlier today, news broke about the KRACK vulnerability that affects the WPA2 protocol. Security researchers have warned that the problem affects millions of devices running everything from Windows to Android and Linux.
Microsoft has announced that it has already released a security patch to fix the vulnerability in Windows. Google says that a patch for affected Android devices will be released "in the coming weeks."
In a statement to the Verge, Microsoft said: "We have released a security update to address this issue. Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected." Details of the update have not yet been released, but these are expected later in the day.
The update confirms the Wi-Fi Alliance's assertion that a simple update is all that's needed to stay protected:
This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users. Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.
While there is understandable concern in the technology community about the vulnerability, the Wi-Fi Alliance
There is no evidence that the vulnerability has been exploited maliciously, and Wi-Fi Alliance has taken immediate steps to ensure users can continue to count on Wi-Fi to deliver strong security protections. Wi-Fi Alliance now requires testing for this vulnerability within our global certification lab network and has provided a vulnerability detection tool for use by any Wi-Fi Alliance member. Wi-Fi Alliance is also broadly communicating details on this vulnerability and remedies to device vendors and encouraging them to work with their solution providers to rapidly integrate any necessary patches. As always, Wi-Fi users should ensure they have installed the latest recommended updates from device manufacturers.
Google is due to push out an update to its own range of devices, but it remains to be seen how long it takes other manufacturers to follow suite for their handsets.
Microsoft has now released details of the patches it has released. The company has also issued a statement:
Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.