This week Microsoft warned Windows users of possible "man-in-the-middle" attacks able to steal passwords for some wireless networks and VPNs, or virtual private networks as a result of a disclosure at the recent conference.
However, Keizer points out, the company hasn't issued a security update.
The threat involves MS-CHAP v2 (Microsoft Challenge Handshake Authentication Protocol version 2). It's used to authenticate users in PPTP-based (Point-to-Point Tunneling Protocol)
The greatest threat is spoofing a legitimate wireless hotspot, where a hacker can grab traffic out of the air. As a defence, Microsoft recommended that IT administrators add PEAP (Protected Extensible Authentication Protocol) to secure passwords for VPN sessions.