A free update for Windows XP adds support for Wi-Fi Protected Access 2 (WPA 2), the Wi-Fi Alliance's term for the new 802.11i security protocol for 802.11b and g wireless LANs. WPA 2 support will aid organizations that want the highest available level of wireless security or need to comply with tight security standards, such as the U.S. government's FIPS 140-2 requirement.

WPA 2 is an update to the WPA protocol, which was introduced in early 2003 while the 802.11i standard was being finalized as a transitional fix for security flaws discovered in the older Wired Equivalent Privacy (WEP) encryption protocol. WPA 2 adds support for the Advanced Encryption Standard (AES) required as part of 802.11i, replacing the Temporal Key Integrity Protocol (TKIP) introduced in WPA. WPA 2 also reduces network delays that occur when users roam from one Wi-Fi access point to another.

To use Windows XP's new AES support, organizations must have newer Wi-Fi wireless LAN access points and wireless network adapters that comply with the mandatory elements of the 802.11i security standard. (Some older equipment that supports the faster 54Mb/sec 802.11g Wi-Fi standard may be software- or firmware-upgradeable to comply with 802.11i.) However, because WPA 2 is backward compatible with the earlier WPA protocol, users who install the Windows XP WPA 2 update will still be able to communicate with older Wi-Fi equipment that supports only WPA or even WEP.

The Windows XP update also adds support for the Wireless Provisioning Services Information Element (WPS IE), which allows wireless Internet service providers (WISPs) to easily migrate to secure Wi-Fi hot spots by enabling support for both unsecured and secured Wi-Fi networks on a single network infrastructure during the migration. To take advantage of this capability, the WISP's Wi-Fi access point hardware must also support WPS IE.

More information on WPA 2 and a list of certified devices may be obtained at www.wi-fi.org/OpenSection/protected_access.asp, and additional Microsoft-specific information at www.microsoft.com/technet/community/columns/cableguy/cg0505.mspx.

The WPA 2 download is available at support.microsoft.com/Default.aspx?id=893357.

Microsoft's earlier Windows update for WPA is described in "Wi-Fi Protected Access for Windows" on page 7 of the May 2003 Update.