“Microsoft is aware of a security feature bypass vulnerability in Secure Channel that affects all supported releases of Microsoft Windows,” the company wrote. “We are actively working with partners in our Microsoft Active Protections Program to provide information that they can use to provide broader protections to customers.”
Until the situation is under control, users are vulnerable to FREAK — but what is it exactly?
“FREAK” is short for Factoring attack on RSA-EXPORT Keys, according to ArsTechnica.com. The attacks are possible when a vulnerable user logs onto a vulnerable HTTPS-protected website using a device prone to being compromised. In this case, Windows computers fall into that category.
PCs and laptops aren’t the only products that could have a FREAK attack, however. Prior to the announcement from Microsoft, everything from iPhones to Android devices was thought to be susceptible to an attack.
During a FREAK attack, hackers watch the traffic passing between browsers and vulnerable servers. They can then inject malicious packets into the flow that cause the two parties to use a weak, 512-bit encryption key. With this weakness in place, hackers can collect some of the exchanged information using cloud-based computing.
Security researchers have found that out of 14 million HTTPS-protected websites, about 36 percent of them supported weak cipher, rendering them vulnerable to a FREAK attack. They note that companies including Google, Microsoft, and Apple have been slow to develop patches, which hints that FREAK attacks pose a low threat at the moment.
So don’t FREAK out just yet.
Editors' Recommendations
- How to use Bing Image Creator to generate AI images for free
- Bing Image Creator brings DALL-E AI-generated images to your browser
- ChatGPT: how to use the viral AI chatbot that everyone’s talking about
- Microsoft’s Bing Chat waitlist is gone — how to sign up now
- Dell’s first Windows 11 ARM laptop is priced like a Chromebook
