FREAK vulnerability can affect Windows, as well

The FREAK vulnerability isn't just placing Apple, Android, and OpenSSL users at risk. Microsoft has discovered that all current versions of Windows are also susceptible to man-in-the-middle attacks. Here's what Redmond has to say about the vulnerability:

Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.

Microsoft's advisory page says the company will take "appropriate action" to patch the bug, which might include a Patch Tuesday update or a standalone fix. The firm also provides a manual workaround for those who want to take matters into their own hands immediately.

For what it's worth, the FREAK Attack page doesn't flag my system as vulnerable, but I'll definitely sleep easier once Microsoft issues a fix. Hat tip to Ars Technica for the initial story.

Tip: You can use the A/Z keys to walk threads.
View options

This discussion is now closed.