FREAK hits all versions of Windows
Flaw in encryption affects all versions of Windows, but Microsoft has a workaround
Here's the bad news: Microsoft has admitted the FREAK SSL flaw affects all versions of Windows.
But it's not time to freak out: Microsoft already has a workaround to help secure systems.
FREAK is fully known as the Factoring Attack on RSA-EXPORT Keys. It's the result of US government bans against exporting encryption in the 1990s, with downgraded protections still in use in some systems - which hackers can take advantage of.
Microsoft admitted that the downgrade attack could be used against all supported versions of the Windows OS.
"Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system," Microsoft said in a security advisory post.
"The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems."
However, Microsoft said that at the time of publishing the advisory, it hadn't seen any information showing the flaw was being used to attack its customers.
Microsoft is now investigating how best to protect users against the flaw, saying that may include a security patch arriving as part of its monthly update cycle or out of band, "depending on customer needs".
In the meantime, Microsoft is offering a workaround that disables RSA key exchange ciphers using the Group Policy Object Editor, although that will mean Windows can't connect to systems that don't support Microsoft's list of approved ciphers.
Full details are available here.
The state of Salesforce: Future of business
Three articles that look forward into the changing state of Salesforce and the future of businessFree Download
The mighty struggle to migrate SAP to the cloud may be over
A simplified and unified approach to delivering Enterprise Transformation in the cloudFree Download
The business value of the transformative mainframe
Modernising on the mainframeFree Download
The Total Economic Impact™ Of IBM FlashSystem
Cost savings and business benefits enabled by FlashSystemFree Download