Earlier today, a new Wi-Fi vulnerability was discovered. The vulnerability, called KRACK, affects almost all computers and other gadgets connected to Wi-Fi. An attacker can use the vulnerability to effect intercept a connection between the user and a Wi-Fi access point. The attacker can then inject malicious content into websites and other connections. “The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites,” said the researchers who discovered the vulnerability.
Firms are already rushing to patch the vulnerability on their products, but it could take a little while before all of your devices are fully protected. Thankfully though, there’s already a fix available for Windows devices. A Microsoft spokesperson confirmed to MSPU that the company has already issued a patch for the vulnerability, and users with automatic updates enabled will be protected from attacks that try to take advantage of the vulnerability:
“We have released a security update to address this issue. Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.”
Microsoft actually released the patch for the vulnerability on October 10 with this month’s Patch Tuesday, nearly a week before the vulnerability was publicly disclosed by researchers. “Microsoft updated quickly to protect customers as soon as possible, but as a responsible industry partner and to protect customers also using other platforms, we abided by coordinated vulnerability disclosure principles and withheld disclosure until other vendors could develop and release their own updates,” the company said.
More than 40% of Android devices are reportedly affected by KRACK, but Google will be rolling out a patch for the company’s Pixel smartphones next month. If you own an Android device, you likely won’t get a patch anytime soon due to how long Android updates usually take to arrive. Linux, macOS, and iPhones are also reportedly affected by the vulnerability, but Apple is yet to announce any updates on the issue at the moment.
You can find out more about the patch and its availability from Microsoft’s Security TechCenter here.