You never want to begin any work week having anyone burdening you with bad news. A smooth beginning to a work week often enough makes for a great ending, week-ending that is. When you're a techie and you just so happened to come upon the trendy news that there's a WPA2 exploit better known as KRACK (or Key Reinstallation Attack) has come to existence, not a good way to start any week hearing such dreaded news. Good news, according to reports, Microsoft has already issued a software patch with many hardware and software vendors following suit.
The exploit was first discovered by a cyber security researcher who goes by the name of Marthy Vanhoef at KU Leuven University in Belgium. Now how the WiFi exploits works goes as follows: the WiFi Protected Access ll (WPA2) protocol which everyone on the planet uses to secure wireless delivered Internet traffic, once the WiFi protection standard is compromise the vulnerability could allow any scheming attacker to gain full access to any confidential material that's being sent via WiFi, such as user names and passwords from secure websites. Now Microsoft confirmed that they have already released an update on October 10th addressing the security bug.
Security patches from Microsoft are supported on versions Windows 8.1 and later (sorry Windows 7 users you're assed out).
In going in depth about how the exploit operates, it involves the dreadful attacker to clone wireless networks that, once again uses WPA2 encryption, disguising the MAC address, and then change an entire devices WiFi channel. This will allow any evasive intruder to enforce any exploited devices to a fraudulent network. Once the attacker has any target in its sights, they can basically in a stealth fashion snoop sent and received data via wireless connection.
Now with most users of any WiFi exploit tools the attacker have to be within a reasonable range of its target, so its best you avoid public WiFi networks such as the fast food eateries and coffee shops that have free Wireless access points. So before you go on and enjoy that cup of latte with your laptop raring to go, download that patch, will ya.
As I've stated earlier in this post, many hardware and software vendors have or are in the process developing a patch, with Microsoft beating everyone to the punch with their security patch, question that needs asking is what about Android? Well, Google are still in the process of developing a patch, they have stated that a patch will be available for Android devices by November 6th. The patch release date may go way beyond November 6th because you have to take into consideration there are a great number of Android manufacturers that have custom UI layered over Android.
I can't state this enough, if you're a frequent user of WiFi in places like cafes and libraries and using Windows devices (laptops) if you haven't already run Windows updates now.
Quick techie note: There is no word from Apple if there's a patch available or if a patch is even needed.