IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

FREAK hits all versions of Windows

Flaw in encryption affects all versions of Windows, but Microsoft has a workaround

Series of locks on binary code with one unlocked

Here's the bad news: Microsoft has admitted the FREAK SSL flaw affects all versions of Windows. 

But it's not time to freak out: Microsoft already has a workaround to help secure systems. 

FREAK is fully known as the Factoring Attack on RSA-EXPORT Keys. It's the result of US government bans against exporting encryption in the 1990s, with downgraded protections still in use in some systems - which hackers can take advantage of. 

Microsoft admitted that the downgrade attack could be used against all supported versions of the Windows OS. 

"Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system," Microsoft said in a security advisory post.

"The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems."

However, Microsoft said that at the time of publishing the advisory, it hadn't seen any information showing the flaw was being used to attack its customers. 

Microsoft is now investigating how best to protect users against the flaw, saying that may include a security patch arriving as part of its monthly update cycle or out of band, "depending on customer needs".

In the meantime, Microsoft is offering a workaround that disables RSA key exchange ciphers using the Group Policy Object Editor, although that will mean Windows can't connect to systems that don't support Microsoft's list of approved ciphers.

Full details are available here

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Recommended

Twilio account breach result of sophisticated social engineering campaign
Security

Twilio account breach result of sophisticated social engineering campaign

9 Aug 2022
Over 200,000 DrayTek routers vulnerable to total device takeover
Security

Over 200,000 DrayTek routers vulnerable to total device takeover

3 Aug 2022
Data on 69 million Neopets users stolen and listed for sale on hacker forum
Security

Data on 69 million Neopets users stolen and listed for sale on hacker forum

21 Jul 2022
HackerOne employee fired for using position to steal bug bounties
Security

HackerOne employee fired for using position to steal bug bounties

4 Jul 2022

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022