‘FREAK’ encryption flaw compromises Windows

All active versions of Microsoft Windows are vulnerable to the FREAK encryption flaw, which leaves systems open to having their electronic communications intercepted.

IT security experts originally thought that Safari and Android were the only ones vulnerable to this flaw; however, Microsoft warned that its encryption, including Secure Sockets Layer (SSL) and Transport Layer Security (TLS), is also vulnerable. Microsoft has investigated and verified that an attacker could exploit the vulnerability.

Industry researchers have stated that there was no evidence hackers had exploited the flaw. A new security advisory released by Microsoft stated that all supported versions of Windows, including its Server products, are vulnerable to FREAK attacks.

FREAK attacks work by downgrading the cipher suites used in Secure Sockets Layer (SSL) and Transport Layer Security (TLS) connections.

The FREAK vulnerability is linked to the US government’s ban on exports of software featuring strong encryption in the early 1990s, when only 512-bit RSA keys were allowed for export. Of more than 14 million websites scanned for FREAK, over 36 percent were found to be vulnerable.

How do you protect yourself from the “FREAK” encryption flaw?

Simple. Windows users can obtain March’s Patch Tuesday slate, including the FREAK fix, via the Windows Update service, as well as through the enterprise-oriented WSUS (Windows Server Update Services).

365 iT SOLUTIONS is a leading managed services provider (MSP) in Toronto delivering a wide variety of industry leading IT consulting services including Managed IT Services, IT Support Services, IT Outsourcing Services, Tech Support Services and Cloud Services.
