The FREAK vulnerability isn't just placing Apple, Android, and OpenSSL users at risk. Microsoft has discovered that all current versions of Windows are also susceptible to man-in-the-middle attacks. Here's what Redmond has to say about the vulnerability:
Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.
Microsoft's advisory page says the company will take "appropriate action" to patch the bug, which might include a Patch Tuesday update or a standalone fix. The firm also provides a manual workaround for those who want to take matters into their own hands immediately.
|Lenovo ThinkCentre and ThinkPad machines pack AMD PRO APUs||7|
|iOS 10.1 update includes portrait mode beta for iPhone 7 Plus||1|
|Biostar belatedly announces GTX 1060 graphics cards||9|
|HyperX Alloy keyboard gets lean and mean for FPS gaming||6|
|AMD drops prices on the Radeon RX 460 and RX 470||49|
|Reports: Radeon RX 470D is a budget Polaris card for China||9|
|Examining reports of slow write speeds on the 32GB iPhone 7||33|
|Cellular Insights dissects iPhone 7 Plus modem performance||11|
|Deals of the week: scads of high-performance storage and more||9|
|A real "console monitor" would be 720p @ 30 Hz ;P||+63|