Microsoft says Windows not immune to FREAK attack

10 Mar 2015

1

Apple and Google products have been found to be affected by a long-standing vulnerability, caused by a now-defunct US government regulation that prohibited tech companies from using encryption above 512 bits in ''export-grade'' software, to enable the country to maintain a cryptographic edge over others.

Not to be left behind, the Redmond-based company issued a security advisory warning that all supported versions of Microsoft Windows were also affected by FREAK (Factoring attack on RSA-EXPORT Keys), as the SSL/TLS flaw is called.

''Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows,'' the advisory read. ''Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system.

The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.''

Microsoft's advisory was also confirmed by Freakattack.com, a service that scanned for vulnerabilities to the bug, which ran counter to previous thinking that the bug could not invade Windows systems.

Microsoft said it was not sure if it would need to provide a security update through its normal monthly patch releases or issue what it called an ''out-of-cycle'' security update to protect users.

FREAK attacks could occur when an unsuspecting user operating a compromised machine visited a vulnerable, but supposedly HTTPS-secure website, that had been  downgraded to a weaker 512-bit cipher by an attacker.

 

Business History Videos

History of hovercraft Part 3 | Industry study | Business History

History of hovercraft Part 3...

Today I shall talk a bit more about the military plans for ...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of hovercraft Part 2 | Industry study | Business History

History of hovercraft Part 2...

In this episode of our history of hovercraft, we shall exam...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Hovercraft Part 1 | Industry study | Business History

History of Hovercraft Part 1...

If you’ve been a James Bond movie fan, you may recall seein...

By Kiron Kasbekar | Presenter: Kiron Kasbekar

History of Trams in India | Industry study | Business History

History of Trams in India | ...

The video I am presenting to you is based on a script writt...

By Aniket Gupta | Presenter: Sheetal Gaikwad

view more
View details about the software product Informachine News Trackers