Yes, until your specific device is patched, you are vulnerable to attack.
Microsoft - Updated Oct 10th. For once they were proactive and released a patch before the vulnerability was publicly known. Make sure you have the October 10th Security patch.
Apple - no patch yet, as of 2107–10–18.
Android - no patch yet, as of 2107–10–18.
The KRACK vulnerability is native to the WPA2, so almost every WiFi device is exploitable. WPA2 has been the standard security that network admins and home users alike run on their WiFi Access Points.
The good news is that an attacker has to be within WiFi range to compromise your device. Also the attack is fairly complicated, and I haven’t seen an easy to use tool available for hackers to download - yet.
So, you should be concerned and update all of your devices as soon as patches are available. You should always ensure any sensitive online interactions (financial, health, insurance etc.) are connected over SSL. Your browser will show “Secure” when using an SSL connection.
