Time for All Windows Users to FREAK Out Over Encryption Bug

In this April 2, 2014 file photo, Microsoft CEO Satya Nadella gestures during the keynote address of the Build Conference in San Francisco. Microsoft on Thursday, July 17, 2014 announced it will lay off up to 18,000 workers over the next year. (AP Photo/Eric Risberg, File)
In this April 2, 2014 file photo, Microsoft CEO Satya Nadella gestures during the keynote address of the Build Conference in San Francisco. Microsoft on Thursday, July 17, 2014 announced it will lay off up to 18,000 workers over the next year. (AP Photo/Eric Risberg, File)
In this April 2, 2014 file photo, Microsoft CEO Satya Nadella gestures during the keynote address of the Build Conference in San Francisco. (AP Photo/Eric Risberg, File)

 

(Computer World) – Microsoft on Thursday confirmed that Windows was vulnerable to FREAK attacks, and researchers changed their tune, saying Internet Explorer (IE) users were at risk.

The news was a turnabout from earlier in the week, when researchers initially fingered only Apple’s iOS and OS X and Google’s Android operating systems as those that could fall victim to cybercriminals spying on purportedly secure communications between browsers and website servers.

By adding Windows to the list, the number of jeopardized users jumped dramatically: Windows powered 92% of all personal computers last month.

In a security advisory released Thursday, Microsoft said Windows was, in fact, vulnerable to FREAK (Factoring attack on RSA-EXPORT Keys).

“Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows,” Microsoft said in the advisory. “Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system.”

READ MORE

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.