Microsoft over the weekend rolled out an update to its Windows XP operating system to add support for WPA2, aka Wi-Fi Protected Access 2, the wireless security specification approved by the IEEE.
The update was originally announced in early April but only appeared on the Microsoft Download Center over the weekend.
Microsoft said the patch also contains support for WPS/IE (Wireless Provisioning Services Information Element), the protocol that handles the distribution of configuration and service information to a wireless client.
The WPA2 spec, also known as 802.11i, was ratified in June 2004 to pave the way for improved security within wireless networks.
It replaced the stopgap WPA (Wi-Fi Protected Access) protocol and offers a more advanced encryption technique called AES (Advanced Encryption Standard).
By adding support for WPA2, Microsoft can now market Windows XP Service Pack 2 with full FIPS 140-2 (Federal Information Processing Standard – Publication 140-2) support. FIPS 140-2 is a U.S. security standard used to certify cryptographic modules and is mandatory for some businesses.
According to a knowledge base article, users who download the Windows XP patch will be able to view previously hidden SSIDs (Service Set Identifiers) in the “Choose a Wireless Network” dialog box. This functionality simplifies the user's connection to public Wi-Fi networks to which the user has not previously connected.
Microsoft said the WPA2/WPS IE Update supports several features of WPA2, including:
- WPA2 Enterprise using IEEE 802.1X authentication and WPA Personal using a PSK (preshared key).
- AES using CCMP (Counter Mode-Cipher Block Chaining-Message Authentication Code Protocol), which provides data confidentiality, data-origin authentication and data integrity for wireless frames.
- The optional use of PMK (Pairwise Master Key) caching and opportunistic PMK caching, allowing faster access when a wireless client roams back to a wireless access point to which the client has already authenticated.
- The optional use of pre-authentication to allow a WPA2 wireless client to perform an 802.1X authentication with other wireless access points in its range while it is still connected to its current wireless access point.