Millions at risk from ‘Freak’ encryption bug

Microsoft has issued a security warning about a bug that could let attackers spy on supposedly secure communications. Called “Freak”, the bug was found in software used to encrypt data passing between web servers and web users. Initially the flaw was thought only to affect some users of Android and Blackberry phones and Apple’s Safari web browser. Microsoft’s warning suggests millions more may be at risk of losing data.

see: Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too
The number of users at risk from the recently discovered Factoring attack on RSA-Export Keys (FREAK) flaw has increased substantially with Microsoft’s confirmation Thursday that all supported releases of Windows are vulnerable to attacks that exploit the issue. However, security researchers remain optimistic that the actual chances of the flaw being exploited widely remain relatively low, simply because of the effort required to pull off the attack.

Warns Schannel Vulnerable to FREAK Attacks
Microsoft today issued an advisory warning Windows users that Secure Channel, or Schannel, the Windows implementation of SSL/TLS, is vulnerable to the FREAK attack. Disclosed this week, FREAK (CVE-2015-1637) is the latest big Internet bug. It affects a number of SSL clients, including OpenSSL, and enables attackers to force clients to downgrade to weakened ciphers that can be broken, so that supposedly encrypted traffic can then be sniffed via man-in-the-middle attacks.

