Microsoft releases a fix for Wi-Fi that stops Windows XP SP2 from alerting ne'er-do-wells: Windows XP SP2 would, if it couldn't find a preferred network, issue continuous probe requests to see if any networks it had previously connected to were "closed" networks in which the access point doesn't offer its name out to those who don't know it. This would allow crackers in proximity to create rogue networks that matched the XP system's request, and allow an association.
Brian Krebs of Security Watch notes this flaw was discovered well over a year ago, and at one security conference, a demonstration showed that 100 out of 400 to 500 laptops could be associated in this way. This association would allow a rogue AP to provide poisoned DNS, and thus allow extracting passwords and other information if someone attempted to log in. Attacks could also be launched over the trusted local network, bypassing firewall protections in some configurations. Apple fixed this flaw, Krebs notes, back in July 2005.
It is about time. This is really a pretty big problem that was glossed over by many in the industry. If your place of work has a no-WiFi policy and you have a laptop with wireless in it then you may be advertising an Ad-Hoc network that anyone could connect to and get stuff off your computer, take over your computer with common exploits and possibly bridge connectivity to your LAN. I am glad it has finally seen the light of day