Why isn’t WPA2 an Automatic Update?

If you’re using Wi-Fi in your workplace, chances are you’re using WPA2 security. After all, nothing else is worth using. WEP (extended or otherwise) was cracked virtually before it was even released; despite the obvious misnomer, you do not want to be using this! WPA came a while later, and is several hundred times more secure. Unfortunately, WPA is also susceptible to wireless cracking techniques, and if you aren’t using a strong password, it’s even less secure than a WEP-encrypted network.
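The point about weak passwords, as an added example (not code from the original post): in WPA and WPA2 personal mode the 256-bit master key is derived only from the passphrase and the network name, so the key is exactly as strong as the passphrase. The guess rate and the 80-bit threshold below are assumptions chosen for illustration, and the bit count is an upper bound that dictionary words fall far short of.

```python
import hashlib
import math
import string

def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32)

# Character classes used for the keyspace estimate.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")

def keyspace_bits(passphrase: str) -> float:
    """Upper bound: treats every character as random within the classes used."""
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    return len(passphrase) * math.log2(alphabet)

def audit(passphrase: str, guesses_per_second: float = 100_000.0,
          min_bits: float = 80.0) -> dict:
    """Check a candidate passphrase against the format rules and a bit budget.

    guesses_per_second and min_bits are assumed values, not measurements.
    """
    problems = []
    if not 8 <= len(passphrase) <= 63:
        problems.append("length must be 8-63 characters")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        problems.append("only printable ASCII is allowed")
    if problems:
        return {"ok": False, "problems": problems, "bits": 0.0, "years": 0.0}
    bits = keyspace_bits(passphrase)
    if bits < min_bits:
        problems.append(f"keyspace below {min_bits:.0f} bits")
    years = 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)
    return {"ok": not problems, "problems": problems, "bits": bits, "years": years}

if __name__ == "__main__":
    # Constructed sample inputs; the SSID is a placeholder.
    print("PMK:", derive_pmk("password", "IEEE").hex())
    for candidate in ("short", "password", "correct horse battery staple"):
        result = audit(candidate)
        print(f"{candidate!r}: ok={result['ok']} bits={result['bits']:.1f} "
              f"years={result['years']:.3g} {result['problems']}")
```
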

WPA2 seems to be the answer. Instead of WPA’s default (and vulnerable) TKIP packet encryption, it uses AES,[1] with mandatory CCMP support.[2] Without going into detail, suffice it to say that CCMP is, to date, secure and uncrackable.

The only problem? Windows XP isn’t compatible with WPA2-secured networks without a special update for WPA2 encryption support. That’s understandable; after all, WPA2 didn’t come out until after Windows XP SP2. But the problem is, it’s not even on Windows Update! Windows Update, always quick on the mark with the monthly Malicious Software Removal Tool and other recommended updates, surprised us by not showing the littlest inkling that there was an update as important to security as WPA2 available for download. It’s been available for manual download (only with Genuine Advantage validation) from Microsoft since May 2005… That’s a long time to be waiting![3]

To complicate matters further, if you’re on Windows XP x64 Edition, you can’t even use WPA2!! So for the companies out there that are trying to protect their wireless networks from intruders and looking to stay on the bleeding edge with 64-bit versions of Microsoft Windows: you can’t.

There may be a workaround, however, for those so inclined. By using the proprietary Intel and Cisco utilities available for connecting to wireless networks, you may be able to get Windows to connect to WPA2-encrypted networks without installing any updates or formatting your PC to get the x86 edition installed.

The bottom line is, we know Microsoft is serious about security and they don’t appreciate the lack of it on Windows any more than we do, but it’s things like this that make people wonder. How hard would it be to label this as a recommended download via Windows Update for all x86 users – and to roll out a version with x64 support before Windows XP x64 SP2 comes out, years from now?


  1. AES was only optional in the original WPA setup 

  2. CCMP support was made mandatory by the Wi-Fi Alliance in March of 2006 

  3. Direct Download Link: KB893357 

12 thoughts on “Why isn’t WPA2 an Automatic Update?”

  1. If you want to get technical, WPA did *not* officially support AES in the spec although there are several drivers and routers that do, at least according to my router’s manual as a reason why they don’t support WPA 1 with AES.

  2. Spider, I assume you meant WPA2 didn’t support AES officially – because the WPA (1) spec didn’t include any mention of AES – that was just an add-on by Cisco and several other router providers.

    However, WPA2-compliant routers must have AES support. Before WPA2 was completely ratified by the IEEE & the Wi-Fi Alliance, it was a “strongly recommended” security option. Afterwards (as of March 2006) it was made mandatory.

    So yeah, WPA1 doesn’t need to have AES – that’s why WPA2 is the real deal, and why it’s such a big deal that Microsoft doesn’t provide true support for it.

  3. Wait, so why wasn’t it included as an automatic update, per the title of the article? I found this page via Google and I’m sure other searchers are curious as well.

  4. Lol, that’s “as of yet unanswered” by Microsoft.

    They just don’t feel like it. They haven’t given us an explanation, and we can’t think of one for them. :)

  5. OK, how do you figure WPA with a weak password is less secure than WEP… I need to hear more.

  6. Jamie Miley, a weak password is weak anyway. Whether WEP is better than WPA in this case really doesn’t matter. Just have a strong password.

  7. I fully agree, but the fact of the matter is that with WEP you can derive a key, where WPA needs to be brute forced. If you have a strong password, WPA is a thousand times better than WEP.

  8. CD-Man’s link is invaluable. I can’t get my legit install to properly validate because I don’t have the latest version of IE and I’m not going to install the latest WGA junk.
