Microsoft warns Windows vulnerable to FREAK bug

By

Affects Secure Channel package.

Microsoft has warned that all current versions of its Windows operating system are vulnerable to the recently discovered FREAK SSL/TLS protocol downgrade bug.

Microsoft warns Windows vulnerable to FREAK bug

In a security advisory published today, Microsoft revealed that its Secure Channel security package is vulnerable to the FREAK (or factoring attack on RSA export keys) vulnerability.

The bug was initially only thought to affect the Google Android and Apple iOS and OS X operating systems.

Using FREAK, attackers can trick servers to downgrade encryption for SSL/TLS to use keys with just 512 bits in length, making them vulnerable to brute-force guessing attacks.

The 512-bit keys are a remnant of United States export control regulations that required vendors to ship systems with weak cryptography in the 1990s.

Microsoft noted that for the attack to succeed, RSA key exchange export ciphers would have to be enabled.

The company suggested administrators disable RSA key exchange export ciphers using the Group Policy Editor as a workaround to mitigate against the flaw.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

Log In

  |  Forgot your password?