Jean-Yves Moschetto's blog

Tip and tricks on Microsoft products

NAVIGATION - SEARCH

I named my WIFI "Hack me if you can". The day after it was named "Challenge Accepted !!!" - URGENT PATCH NEEDED

I named my WIFI "Hack me if you can". The day after it was named "Challenge Accepted !!!"
 

This is not a fake. If you did not patch, just do it NOW !!!


Researchers have disclosed a serious weakness in the WPA2 protocol that allows attackers within range of vulnerable device or access point to intercept passwords, e-mails, and other data presumed to be encrypted, and in some cases, to inject ransomware or other malicious content into a website a client is visiting.
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that was scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running Android, Linux, and OpenBSD, and to a lesser extent macOS and Windows, as well as MediaTek Linksys, and other types of devices. The site warned that attackers can exploit the flaw to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.
 
Please see attack steps here: https://www.krackattacks.com/
 

Microsoft Response

Also, Microsoft as discretely released a fix "CVE-2017-13080 | Windows Wireless WPA Group Key Reinstallation Vulnerability" included in last Cumulative Updates.
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080
 
Please release all these fixes:

Add comment