I'm not exactly sure precisely which clients are vulnerable, because there's a lot of crap/fake info floating around, and some folks are desperate to convince themselves (and others) that their preferred device or OS is "safe".
I created this thread mainly to raise FReepers' consciousness about the problem, but I don't claim to have a definitive list of the exact info -- yet. Data is still emerging, and one has to be careful about what one takes as gospel, at least early on in the discussion.
The website (https://www.krackattacks.com) seemed a bit breathless with “all systems are affected” (oh noes!) and was coy about what exactly was the real issue on Windows and Macs. I had to dig down pretty far into the original paper to find the Group Key issue and at first glance it looks pretty minor from what I can tell, at least for Windows 10 clients.
The original paper is at
https://papers.mathyvanhoef.com/ccs2017.pdf
According to the paper, Windows 10 is not vulnerable to most of the attack vectors. The only significant one I saw was for the Group Key, where the vulnerability lets broadcasts and multicasts be replayed (but not alter them if I read it correctly). Any client on the network can already replay a broadcast or multicast by just resending it so I am not sure how this new vulnerablity is all that significant on Windows 10.
thanks! will bmk