Skip to main content

Microsoft now says Windows computers could have a ‘FREAK’ attack

kentucky hospital subjected to ransomware hacker keyboard
Image used with permission by copyright holder
Computers running Windows are vulnerable to the so-called “FREAK” attack, which gives hackers the power to decrypt secure traffic between a web surfer’s browser and the site she is visiting. Microsoft had said at first that the Windows system was immune to such attacks, but a recent advisory posted to the company’s TechNet site has confirmed the vulnerability.

“Microsoft is aware of a security feature bypass vulnerability in Secure Channel that affects all supported releases of Microsoft Windows,” the company wrote. “We are actively working with partners in our Microsoft Active Protections Program to provide information that they can use to provide broader protections to customers.”

Until the situation is under control, users are vulnerable to FREAK — but what is it exactly?

“FREAK” is short for Factoring attack on RSA-EXPORT Keys, according to ArsTechnica.com. The attacks are possible when a vulnerable user logs onto a vulnerable HTTPS-protected website using a device prone to being compromised. In this case, Windows computers fall into that category.

PCs and laptops aren’t the only products that could have a FREAK attack, however. Prior to the announcement from Microsoft, everything from iPhones to Android devices was thought to be susceptible to an attack.

During a FREAK attack, hackers watch the traffic passing between browsers and vulnerable servers. They can then inject malicious packets into the flow that cause the two parties to use a weak, 512-bit encryption key. With this weakness in place, hackers can collect some of the exchanged information using cloud-based computing.

Security researchers have found that out of 14 million HTTPS-protected websites, about 36 percent of them supported weak cipher, rendering them vulnerable to a FREAK attack. They note that companies including Google, Microsoft, and Apple have been slow to develop patches, which hints that FREAK attacks pose a low threat at the moment.

So don’t FREAK out just yet.

Editors' Recommendations

Krystle Vermes
Former Digital Trends Contributor
Krystle Vermes is a professional writer, blogger and podcaster with a background in both online and print journalism. Her…
PC gamers are flocking to Windows 11, new Steam survey says
Shadow of the Tomb Raider on the Alienware 34 QD-OLED.

According to the latest Steam Hardware and Software Survey, more PC gamers are switching to using Windows 11. Although Windows 10 continues to top the charts, it's slowly losing users to Microsoft's newer operating system, as Windows 11 now compromises over a third of all operating systems in Steam's monthly survey.

It's happy news for Microsoft as Windows 11 continues to inch forward in the Steam Hardware Survey. While the survey doesn't include the software and hardware utilized by each and every gamer on the platform, it still shows us some significant averages. Microsoft has continued to push Windows 11 for new PCs, and the latest survey from Steam suggests that the effort is working.

Read more
5 Windows 11 settings to change right now
Person sitting and using a Windows Surface computer with Windows 11.

Windows 11 is great -- it's worth upgrading to from Windows 10. But as with every version of Windows, it's at its best when you make some tweaks to it. Beyond making Windows 11 look like Windows 10, or customizing the Windows 11 taskbar, there are a few changes anyone can make to Windows 11, and they're changes that everyone should make. In my humble opinion, at least.

So, if you're looking for an upgraded, augmented, and altogether better Windows 11 experience, here are the top five changes you should make to it right now.
Disable tracking and personalization
If, like me, you aren't a fan of deep personalization or data collection on you in general, then like me, you'll be looking for the least-tracked version of Windows you can find. While Windows 11 does collect more data on you than previous versions, you can disable some of it, and restrict the way the operating system automatically personalizes your experience.

Read more
Apple’s security trumps Microsoft and Twitter’s, say feds
Apple's Craig Federighi speaking about macOS security at WWDC 2022.

Apple has long held a reputation for rock-solid security, and now the U.S. government seemingly agrees after praising the company for its security procedures. At the same time, the feds have suggested Microsoft and Twitter need to pull their socks up and make their products much more secure for their users, according to CNBC.

In a speech given at Carnegie Mellon University, Cybersecurity and Infrastructure Security Agency Director Jen Easterly pointed to Apple as a company that took security and accountability seriously, and suggested other companies should take note.

Read more