• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • April 20th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Technology News
Microsoft

Windows Vulnerable To Critical Freak SSl Flaw, Microsoft says

March 7th, 2015 Waqas Microsoft, Security, Technology News 0 comments
Windows Vulnerable To Critical Freak SSl Flaw, Microsoft says
Share on FacebookShare on Twitter

Microsoft has revealed that Windows is vulnerable to a critical Freak SSl Flaw.

Freak is a security bug that facilitates cybercriminals to conduct man-in-the-middle attacks on connections like Sockets Layer (SSL) and Transport Layer Security (TLS) that are encrypted by an outdated cipher.

And Freak has claimed another potential victim, this time the Microsoft Secure Channel Stack.

The company confirmed the vulnerability in an official statement:

“Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems.”

windows-vulnerable-to-critical-freak-ssl-flaw-microsoft-says

Though Microsoft’s Research team collaborated with European cryptographers in discovering FREAK, but the company chose not to disclose Windows’ flaw until yesterday.

“When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.”

Microsoft, reportedly, is “actively working” with its Microsoft Active Protections Program partners for protecting them and after thorough investigation the company would “take the appropriate action to help protect customers”.

According to Microsoft, “This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”

Versions of Windows affected by Freak include: Windows Server 2003, Windows Vista, Windows Server 2008, Windows 7, Windows 8 and 8.1, Windows Server 2012, and Windows RT.

The company informed that users can deactivate the RSA key exchange ciphers, which paves the way for FREAK’s intervention by altering the SSL Cipher Suite in the Group Policy Object Editor. However, this cannot be achieved by users of Windows Server 2003 because it doesn’t allow enabling or disabling of individual ciphers.

“Windows servers are not impacted in the default configuration (export ciphers disabled),” says Microsoft.

The browsers affected by Freak include Internet Explorer, Chrome on Android, the stock Android browser, Safari on Mac OS X and iOS, BlackBerry browser, and Opera on Mac OS X and Linux. 

Check here if your browser if affected by Freak security flaw. Follow @HackRead

  • Tags
  • FREAK SSL
  • Mac
  • security
  • Vulnerability
  • Windows
Facebook Twitter LinkedIn Pinterest
Previous article Entering Phone number now MUST for Tor users to open a new Twitter account
Next article BEWARE: uTorrent Update Installs Bitcoin Mining Software
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
WhatsApp Pink is malware spreading through group chats

WhatsApp Pink is malware spreading through group chats

2021 and Emerging Cybersecurity Threats

2021 and Emerging Cybersecurity Threats

Unpatched MS Exchange servers hit by cryptojacking malware

Unpatched MS Exchange servers hit by cryptojacking malware

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Hackers claims to be selling 13tb of Domino’s India data
Hacking News

Hackers claims to be selling 13tb of Domino’s India data

WhatsApp Pink is malware spreading through group chats
Security

WhatsApp Pink is malware spreading through group chats

A hacker claims to be selling sensitive data from OTP generating firm
Hacking News

A hacker claims to be selling sensitive data from OTP generating firm

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us