Update for Windows XP WLAN client
Update KB917021 for the WLAN client on Windows XP computers with Service Pack 2 replaces WPA2 patch KB893357 from May 2005 and should prevent certain man-in-the-middle (MiTM) attacks. Patch KB917021 does not appear to be being installed automatically via Windows Update at present. The improved WPA2 support relates to group policies, which now enable administrators to configure options for WPA2 authentication and encryption.
Brian Krebs from the Washington Post considers the update long overdue, because it helps prevent an MiTM attack scenario which has been known since the start of the year. According to him, the Windows XP SP2 WLAN client searches for previously used wireless networks at regular intervals. To do so it sends out beacon signals, containing the names of known networks. Using this name and thanks to the way the XP WLAN client behaves, it is relatively easy for an attacker to establish a WLAN connection with the computer. However, such an attack is apparently easily thwarted simply by using a firewall.