Local Community Advertising
PC users are left vulnerable when visiting secure websites after a security flaw referred to as “FREAK” was confirmed by Microsoft on Thursday.
In a press release, Microsoft acknowledge a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported Microsoft Windows.
Schannel refers to the Security Support Provider that implements the Secure Sockets Layer (SSL) and Transport Layer Security(TLS). These components are used to facilitate secure communications while surfing the net and network applications.
Essentially, the security flaw can allow an attacker to spy on users via downgrading of the cipher suites used in the SSL and TLS components.
When the security issue came to light, Microsoft initially believed PC users would not be affected by the vulnerability, however; the company has since confirmed FREAK exploitation.
“The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers,” read the press release.
In the event of security vulnerability, Microsoft suggests that PC users apply workarounds. Workarounds are a setting or configuration change that won't correct the underlying isssue, but will help block known attack vectors before a security update is available.
To apply workarounds users can disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL cipher suite. For a step-by-step guide in applying workarounds, click here.
The security vulnerability is under investigation. Microsoft will provide security updates where applicable.
Local Community Advertising