You may have recently read about a software vulnerability in wireless networking (referred to as KRACK) that affects virtually all WiFi enabled devices. This is a very serious vulnerability that can be exploited to allow an attacker to read or sniff data being transmitted by the WiFi signal.
(Read more about KRACK here: https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/)
Microsoft has released patches to mitigate the vulnerability.
As of yesterday morning, Wednesday, October 18, these patches were applied to your computers as part of the weekly update cycle by Carolinas NetCare. It is vitally important that you reboot your computers (including laptops) today before you leave the office to ensure these patches are completely applied.
A daily reboot of your computers is always a good idea. The reboot not only saves all your work from the day but clears the computer memory to keep the computer at its highest performance. It is especially important to reboot if patches have been installed and must have a reboot to finalize.
In the near term, we will performing updates on all the other affected hardware and software we support for your organization.
Some notes about this vulnerability:
Most of the major hardware and software vendors already have patches in place or have patches in rapid development. When 2 devices are communicating via WiFi, if one of the 2 devices is patched, the vulnerability is completely mitigated. Using Wifi to browse any website or web service that uses “https:” mitigates the exploitation of this vulnerability as the traffic is already encrypted by the web service.
Currently the most vulnerable devices are Android based smartphones. These devices must wait for a patch from your mobile provider. This process could take several weeks. But we are also concerned about Windows based PCs and laptops.
Actions you can take to protect yourself:
Minimize the browsing of unsecured, non-https, websites, especially on mobile devices. Mobile banking apps should be ok to use because of their built-in encryption.
For your home devices contact the vendor support to get your home router(s) and computers up to date with patches.
Be very cautious about using unsecured WiFi in public spaces. Using your mobile data connection is generally more secure although it may be of higher cost to use depending on your plan.
We will be discussing this at our Fall Executive Briefing on October 25th If you have not yet registered for this event you can do so by clicking here.
Please contact us if you have any questions or concerns.
ShareOCT
2017
