Microsoft recently released a patch that addresses a vulnerability on all computers running its Windows operating system. The announcement and release were made on the company’s TechNet blog after it confirmed that Windows is vulnerable to FREAK attacks, which allow attackers to decrypt secure traffic between a web surfer’s browser and the site they are visiting.
“Microsoft is aware of a security feature bypass vulnerability in Secure Channel that affects all supported releases of Microsoft Windows,” the company wrote. “We are actively working with partners in our Microsoft Active Protections Program to provide information that they can use to provide broader protections to customers.”
The patch is more than routine IT maintenance. It is Microsoft’s resolution to a security issue that could facilitate exploitation of the publicly disclosed technique commonly known as FREAK, short for Factoring attack on RSA-EXPORT Keys. The attack can happen when a user connects to a vulnerable HTTPS-protected site from a vulnerable device (in this case, a Windows computer).
So what happens during a FREAK attack? Attackers who are closely monitoring traffic between browsers and vulnerable servers can inject malicious packets that cause the two parties to use a weaker 512-bit encryption key. Using cloud computing, the attackers can then factor that key and collect the exchanged information.
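The downgrade described above can be caught on the client side by checking that the handshake is internally consistent. The following is an added example, not code from the article or from Microsoft’s patch: the suite IDs are IANA registry values, while the function names, finding codes and sample handshakes are constructed for illustration.

```python
# TLS cipher suite IDs from the IANA registry (RSA export-grade suites).
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
WEAK_RSA_BITS = 512  # export-grade RSA modulus size named in the article


def check_handshake(offered, selected, temp_rsa_bits=None):
    """Return finding codes for one handshake, as seen by the client.

    offered       -- suite IDs the client sent in its ClientHello
    selected      -- suite ID the ServerHello chose
    temp_rsa_bits -- modulus size of a temporary RSA key received in
                     ServerKeyExchange, or None if no such key was sent
    """
    findings = []
    if selected not in offered:
        findings.append("SUITE_NOT_OFFERED")
    if selected in RSA_EXPORT_SUITES:
        findings.append("EXPORT_SUITE_NEGOTIATED")
    if temp_rsa_bits is not None:
        if selected not in RSA_EXPORT_SUITES:
            # Downgrade signature: the client asked for full-strength RSA
            # but was handed a temporary (export) RSA key anyway.
            findings.append("UNEXPECTED_TEMP_RSA_KEY")
        if temp_rsa_bits <= WEAK_RSA_BITS:
            findings.append("WEAK_RSA_KEY")
    return findings


def should_abort(findings):
    """A client should fail the handshake on any finding."""
    return bool(findings)


# Constructed sample handshakes (hypothetical, not captured traffic).
# 0x002F = TLS_RSA_WITH_AES_128_CBC_SHA, 0x0035 = TLS_RSA_WITH_AES_256_CBC_SHA
SAMPLES = {
    "normal": ([0x002F, 0x0035], 0x002F, None),
    "downgraded": ([0x002F, 0x0035], 0x002F, 512),
    "legacy_export": ([0x0003, 0x002F], 0x0003, 512),
}

if __name__ == "__main__":
    for name, (offered, selected, bits) in SAMPLES.items():
        result = check_handshake(offered, selected, bits)
        print(f"{name:14} abort={should_abort(result)} {result}")
```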
IT maintenance professionals say that the update, called MS15-031, is recommended for Windows users and is already available for download and installation. The update fixes SSL implementations, reducing the chances of a FREAK attack.
However, Windows users are not the only ones vulnerable to FREAK attacks. Smartphones and devices that run on iOS and Android are also said to be susceptible to this security vulnerability.