Microsoft warns Windows vulnerable to FREAK bug

By

Affects Secure Channel package.

Microsoft has warned that all current versions of its Windows operating system are vulnerable to the recently discovered FREAK SSL/TLS protocol downgrade bug.

Microsoft warns Windows vulnerable to FREAK bug

In a security advisory published today, Microsoft revealed that its Secure Channel security package is vulnerable to the FREAK (or factoring attack on RSA export keys) vulnerability.

The bug was initially only thought to affect the Google Android and Apple iOS and OS X operating systems.

Using FREAK, attackers can trick servers to downgrade encryption for SSL/TLS to use keys with just 512 bits in length, making them vulnerable to brute-force guessing attacks.

The 512-bit keys are a remnant of United States export control regulations that required vendors to ship systems with weak cryptography in the 1990s.

Microsoft noted that for the attack to succeed, RSA key exchange export ciphers would have to be enabled.

The company suggested administrators disable RSA key exchange export ciphers using the Group Policy Editor as a workaround to mitigate against the flaw.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Log In

  |  Forgot your password?