The FREAK vulnerability isn't just placing Apple, Android, and OpenSSL users at risk. Microsoft has discovered that all current versions of Windows are also susceptible to man-in-the-middle attacks. Here's what Redmond has to say about the vulnerability:
Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.
Microsoft's advisory page says the company will take "appropriate action" to patch the bug, which might include a Patch Tuesday update or a standalone fix. The firm also provides a manual workaround for those who want to take matters into their own hands immediately.
|Samsung's Notebook 9 portables rock eighth-gen Core i7s||2|
|Thursday deals: a nice Z370 mobo, a huge VA display, and more||0|
|Rumor: Ryzen 2 set for Q1 2018 and a Fenghuang APU breaks cover||42|
|TR's 2017 Christmas giveaway: eight days left and counting||7|
|MSI gives Radeon RX Vega cards an Air Boost||22|
|Corsair's latest SO-DIMM kit takes 32 GB of DDR4 to 4000 MT/s||8|
|Report: Intel Inside co-marketing program will get a budget cut||32|
|Gingerbread House Day Shortbread||17|
|iMac Pro details and release date come into focus||49|
|Full disclosure: while I work for Intel; the opinions I express here are my own I think I understanding the issue you ran into. For the Braswell platf...||+36|