HPSBHF03582 rev. 2 - KRACK Vulnerability Affecting WPA2 Wireless Security

Potential Security Impact

Information Disclosure

Source: University of Leuven

Reported by: Intel

VULNERABILITY SUMMARY

Enhancement to address CVE-2017-13080__ and CVE-2017-13081__, which is the KRACK vulnerability that affects the security of WPA2 wireless LAN encryption.

RESOLUTION

• A Microsoft Security Patch is available to resolve the vulnerability affecting PCs and Networking wireless LAN products. For more information, go to <https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080&gt;[__](<https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2017-13080&gt; “External site.” ).

• HP PCs with Realtek or Intel wireless controllers will require a driver patch. Softpaqs with the patched wireless controller drivers are below. These are the first versions with the patch. If there are any subsequent versions, these will also have the patch. HP PCs with Intel CPUs with AMT will require an Intel ME firmware patch. For more information, go to Intel Management Engine Cumulative Security update and fix for WPA2 vulnerability.

• Google Chrome OS: Products running the Google Chrome Operating system can update to Build 62 or later releases. (Settings > About Chrome OS > Check for Updates)

• Linux: Products using Linux should refer to their distribution for updated builds to resolve the CVE vulnerabilities described in this document.