Microsoft Takes a Small Step Toward WPA2 Security Support




Microsoft has finally delivered Wi-Fi Protected Access 2 (WPA2) support, but the offering is not fully compliant with the latest Wi-Fi Alliance specification.

News Analysis


On 12 May 2005, Microsoft announced a free update to Windows XP Service Pack 2 (SP2) that supports WPA2, a Wi-Fi Alliance wireless security certification program.


This move by Microsoft provides improved WPA2 encryption — namely, AES (Advanced Encryption Standard) — in Windows XP SP2. However, what Microsoft has adopted doesn't incorporate the Wi-Fi Alliance's most recent additions to WPA2. In April 2005, the Wi-Fi Alliance expanded its WPA2 authentication choices (in what Gartner calls WPA2-rev2). The Microsoft release is 802.11i-compliant, but from an interoperability perspective it is compliant with WPA2-rev1 only. Thus, enterprises using Cisco PEAP, EAP-SIM or EAP-TTLS (three different types of Extensible Authentication Protocol) will not have native Microsoft support in this update, but will require a third-party plug-in. Only Microsoft PEAP and EAP-TLS are formally supported.

To date, the absence of a Microsoft WPA2 supplicant has been one of several factors that have stalled adoption of the Wi-Fi Alliance certification program. This announcement by Microsoft will help any customer satisfied with the WPA2-rev1 framework. But customers who wish to move to the latest WPA2 framework will still have to purchase third-party clients from vendors such as Funk Software. Microsoft has not announced any timetable to synchronize its supplicant with the WPA2-rev2 specification. Furthermore, Microsoft has only hinted at a Windows Mobile supplicant, leaving enterprises to deal with a mixed-vendor environment across various categories of mobile devices. Each infrastructure vendor must now resubmit its products for WPA2-rev1 testing to ensure that they operate with this new Microsoft supplicant. Enterprises with WPA2-rev1 infrastructure cannot automatically assume that the Microsoft supplicant will work problem-free without testing.

Recommendations: Enterprises that require only WPA2-rev1 can use the new Microsoft Windows XP supplicant as long as their wireless local-area network (WLAN) infrastructure vendor supports it. Microsoft should move to upgrade to WPA2-rev2 across both the Windows and Windows Mobile platforms by year-end 2005. Until then, vendors and end users alike will be faced with the added complexity of third-party add-on products.

Analytical Sources: Ken Dulaney and John Pescatore, Gartner Research


© 2005 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartner's research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.
