Microsoft warns Windows vulnerable to FREAK bug

By
Follow google news

Affects Secure Channel package.

Microsoft has warned that all current versions of its Windows operating system are vulnerable to the recently discovered FREAK SSL/TLS protocol downgrade bug.

Microsoft warns Windows vulnerable to FREAK bug

In a security advisory published today, Microsoft revealed that its Secure Channel security package is vulnerable to the FREAK (or factoring attack on RSA export keys) vulnerability.

The bug was initially only thought to affect the Google Android and Apple iOS and OS X operating systems.

Using FREAK, attackers can trick servers to downgrade encryption for SSL/TLS to use keys with just 512 bits in length, making them vulnerable to brute-force guessing attacks.

The 512-bit keys are a remnant of United States export control regulations that required vendors to ship systems with weak cryptography in the 1990s.

Microsoft noted that for the attack to succeed, RSA key exchange export ciphers would have to be enabled.

The company suggested administrators disable RSA key exchange export ciphers using the Group Policy Editor as a workaround to mitigate against the flaw.

Add iTnews as your trusted source

Add iTnews As Your Trusted Source Add iTnews As Your Trusted Source
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
bugfreakmicrosoftsecurityssltlswindows

Sponsored Whitepapers

Agile in the AI Era: why projects still fail
Agile in the AI Era: why projects still fail
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
When Technology Becomes the Blocker: Unlocking Real Outcomes from AI and Cloud
High-volume data sources for AI-driven security analytics
High-volume data sources for AI-driven security analytics
How healthcare organisations can get more value from cloud
How healthcare organisations can get more value from cloud
1 in 3 companies lose SaaS data. Here’s how to prevent it
1 in 3 companies lose SaaS data. Here’s how to prevent it

Events

Most Read Articles

Anthropic opens Claude Mythos Preview AI program to Australia

Anthropic opens Claude Mythos Preview AI program to Australia
Defence says Palantir is "sandboxed" in its environment

Defence says Palantir is "sandboxed" in its environment
Services Australia describes fraud, debt-related machine learning use cases

Services Australia describes fraud, debt-related machine learning use cases
Microsoft backs down on legal threats against 0day disclosing researchers

Microsoft backs down on legal threats against 0day disclosing researchers
techpartner.news logo
Sydney-based AI-cloud waste startup raises $3m
Sydney-based AI-cloud waste startup raises $3m
Brennan uses NiCE to modernise its contact centre
Brennan uses NiCE to modernise its contact centre
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Impact Awards: Tecala slashes customer response times for fintech IQumulate
Interactive introduces private cloud platform
Interactive introduces private cloud platform
Digital61 expands cybersecurity portfolio
Digital61 expands cybersecurity portfolio

Log In

  |  Forgot your password?