Microsoft may have more than its share of tie-ups to the whipping post for security snafus but, as George Ou reports, the company isn't to blame for the reports of a new Wi-Fi vulnerability that some say the Redmond, WA-based company is owning up to:
Microsoft never acknowledged this as a vulnerability. I checked with a Microsoft spokesperson and they confirmed that Microsoft Security Research Center states that this is not a security vulnerability. This is what I suspected all along because by definition, a software vulnerability is when software can be made to do something it wasn't designed to do. This [so-called vulnerablity] is actually a feature designed into every wireless "supplicant" (that's IEEE speak for "client") software in the world because it is a fundamental and critical feature of the IEEE 802.11 protocol.
George goes onto describe the types of attacks that Wi-Fi based systems are more likely to be subjected to. Nevertheless, the IEEE 802.11 (aka: Wi-Fi) feature results in potential "exposure" in specific scenarios. The good news, as George again reports, is that it's very manageable:
But is this really the end of the world? Of course not! That's what firewalls are for and just about any firewall will do, even the free built-in Windows XP firewall. Corporate IT departments can easily enable the Windows XP SP2 firewall on every PC they own by setting firewall policies in Active Directory Group Policy.
OK boys. Party's over. And someone let Bill down from that tree please.