“Microsoft is aware of a security feature bypass vulnerability in Secure Channel that affects all supported releases of Microsoft Windows,” the company wrote. “We are actively working with partners in our Microsoft Active Protections Program to provide information that they can use to provide broader protections to customers.”
Until the situation is under control, users are vulnerable to FREAK — but what is it exactly?
“FREAK” is short for Factoring attack on RSA-EXPORT Keys, according to ArsTechnica.com. The attacks are possible when a vulnerable user logs onto a vulnerable HTTPS-protected website using a device prone to being compromised. In this case, Windows computers fall into that category.
PCs and laptops aren’t the only products that could have a FREAK attack, however. Prior to the announcement from Microsoft, everything from iPhones to Android devices was thought to be susceptible to an attack.
During a FREAK attack, hackers watch the traffic passing between browsers and vulnerable servers. They can then inject malicious packets into the flow that cause the two parties to use a weak, 512-bit encryption key. With this weakness in place, hackers can collect some of the exchanged information using cloud-based computing.
Security researchers have found that out of 14 million HTTPS-protected websites, about 36 percent of them supported weak cipher, rendering them vulnerable to a FREAK attack. They note that companies including Google, Microsoft, and Apple have been slow to develop patches, which hints that FREAK attacks pose a low threat at the moment.
So don’t FREAK out just yet.
Editors' Recommendations
- If you have an AMD GPU, stay away from the latest Windows Update
- Microsoft is removing a Windows app that’s almost 30 years old
- Microsoft teases design overhaul of major Windows 11 app
- Is macOS more secure than Windows? This malware report has the answer
- Windows 11 could be hurting your gaming performance