The bad news: A severe WPA2 protocol vulnerability dubbed KRACK holds the potential to break Wi-Fi security for virtually all wireless devices or networks, allowing attackers to snoop on your Internet traffic or even inject malicious code into websites you visit.
The good news: If you’re running a Windows PC, you’re already safe—at least if you automatically apply new updates.
Microsoft quietly released a KRACK-smashing update as part of last week’s Patch Tuesday blitz, the company confirmed to Windows Central and other websites. Phew! Here is the company’s statement:
“Microsoft released security updates on October 10th and customers who have Windows Update enabled and applied the security updates, are protected automatically. We updated to protect customers as soon as possible, but as a responsible industry partner, we withheld disclosure until other vendors could develop and release updates.”
And now for the even better news: Fixes for KRACK can be backward-compatible, per Mathy Vanhoef, the researcher who discovered the Wi-Fi flaw.
That means if you’ve updated your PC with Microsoft’s KRACK patch, you can likely connect to wireless networks running on unpatched routers without fear. We’ve reached out to Microsoft to confirm whether that’s the case with this patch for Windows devices.
So if you haven’t applied last week’s Windows updates yet, do so now. You can force the issue in Windows 10 by opening the Start menu and heading to Settings > Update & Security > Windows Update.
The status at the top tells you if your device is up to date, and when its status was last checked. If it’s been a while, click the “Check for updates” button to scan for the Patch Tuesday updates.
Macs, iPhones, Android phones, Linux PCs, routers, and other devices still need patches to protect against the far-ranging vulnerability. Fortunately, there are ways to protect yourself in the interim, from sticking to secure websites to running a VPN and more.
Check out PCWorld’s guide to staying safe from the KRACK Wi-Fi attack for everything you need to know, including the latest info on incoming patches for other devices.
This article first appeared on PC World (US online)