Skip to main content

Microsoft now says Windows computers could have a ‘FREAK’ attack

kentucky hospital subjected to ransomware hacker keyboard
Image used with permission by copyright holder
Computers running Windows are vulnerable to the so-called “FREAK” attack, which gives hackers the power to decrypt secure traffic between a web surfer’s browser and the site she is visiting. Microsoft had said at first that the Windows system was immune to such attacks, but a recent advisory posted to the company’s TechNet site has confirmed the vulnerability.

“Microsoft is aware of a security feature bypass vulnerability in Secure Channel that affects all supported releases of Microsoft Windows,” the company wrote. “We are actively working with partners in our Microsoft Active Protections Program to provide information that they can use to provide broader protections to customers.”

Recommended Videos

Until the situation is under control, users are vulnerable to FREAK — but what is it exactly?

Please enable Javascript to view this content

“FREAK” is short for Factoring attack on RSA-EXPORT Keys, according to ArsTechnica.com. The attacks are possible when a vulnerable user logs onto a vulnerable HTTPS-protected website using a device prone to being compromised. In this case, Windows computers fall into that category.

PCs and laptops aren’t the only products that could have a FREAK attack, however. Prior to the announcement from Microsoft, everything from iPhones to Android devices was thought to be susceptible to an attack.

During a FREAK attack, hackers watch the traffic passing between browsers and vulnerable servers. They can then inject malicious packets into the flow that cause the two parties to use a weak, 512-bit encryption key. With this weakness in place, hackers can collect some of the exchanged information using cloud-based computing.

Security researchers have found that out of 14 million HTTPS-protected websites, about 36 percent of them supported weak cipher, rendering them vulnerable to a FREAK attack. They note that companies including Google, Microsoft, and Apple have been slow to develop patches, which hints that FREAK attacks pose a low threat at the moment.

So don’t FREAK out just yet.

Krystle Vermes
Former Digital Trends Contributor
Krystle Vermes is a professional writer, blogger and podcaster with a background in both online and print journalism. Her…
Don’t use your Windows PC without using these security settings
The Windows Security app in Windows 11.

Historically, Windows has had a bad reputation for security, and there are far more malware strains that target Windows than any other operating system out there -- largely due to the scale of PCs that exist in the world. With such a vast array of potential threats, it’s more important than ever to keep your Microsoft PC safe and protected.

But doing so doesn’t have to be difficult or expensive. In fact, you can start right now with just the computer you own, no extra software necessary. And if you do want to supplement your PC with some of the best Windows apps that will boost your security and privacy, you don’t need to pay a penny.

Read more
It’s time to say goodbye to the Windows Control Panel
windows 10 control panel

The newer Windows Settings app has been slowly stealing features from the legacy Control Panel for years, and now Microsoft has finally said the obvious out loud -- "the Control Panel is in the process of being deprecated in favor of the Settings app."

First spotted by Neowin, a new Microsoft support page has appeared covering the various system configuration tools in Windows 10 and 11. Not only does this page refer to Settings as "the main application to customize and manage Windows settings," but it also explicitly states that the Control Panel is being deprecated. It doesn't mention any kind of date or timeline, however, which likely means the Control Panel's death will continue to be as slow as it has been up to now.

Read more
Microsoft cracks down on Windows 11 upgrade requirements
A photo of the Sensel Click Composer Software running on Windows 11

With just a little more than a year left before Windows 10 hits its end-of-life, Microsoft has been busy encouraging people to upgrade to Windows 11. One of the hurdles with getting PCs upgraded to Windows 11, though, are the hardware requirements -- and now they're cracked down on harder.

A recent beta build of Windows 11 has patched the well-used "setup.exe /product server" workaround that allowed you to completely bypass the system requirements check and run Windows 11 on a non-compliant machine -- in other words, a machine without TPM 2.0.

Read more