It was just a week before that Microsoft Windows versions were found to be vulnerable to a decade-old encryption bug known as FREAK (Factoring RSA Export Keys) vulnerability. We had already mentioned the detailed news about this issue in a previous post in this blog titled as “Microsoft Windows Versions Found to be Vulnerable to FREAK Encryption Bug”.
This vulnerability worked by forcing systems to downgrade the key length of an RSA key to 512 bits, which was easier to crack and provided with a way for an attacker to intercept SSL traffic as it moved between clients and servers.
Finally, Microsoft has released a fix against this flaw in its regular Patch Tuesday updates.
Microsoft offered it in the form of a security bulletin this Tuesday, five of which are marked as crucial indicating that administrators should implement them as soon as possible. It relates to the flaws encountered in consumer as well as server editions of Windows, Internet Explorer, Office, SharePoint Server and Exchange Server.
As per the available information, earlier, due to this encryption flaw, it was possible for an attacker to secretly access and even change the communications among different parties. The FREAK vulnerability, which itself resided in SSL is now resolved as Microsoft has fixed the SSL implementations in its own software through MS15-0331 update. Moreover, Apple and Google (and Cisco) have also released their own patches against this vulnerability.
This Patch Tuesday release contained 14 bulletins in all. Out of them, five have been rated as critical. They include ugs related to the Windows VBScript scripting engine, remote code execution vulnerabilities in Office, remote code execution bugs in the Adobe Font Driver.
Microsoft also did offer more fixes than only these critical flaws. You can know more about all the patches issued by Microsoft on this Patch Tuesday by visiting the Microsoft’s Security Bulletin Summary for March 2015. Now, when the patches have already been released, it is advisable to update your computers at the earliest.
Latest posts by Rahul Vaghasia (see all)
(Visited 12 times, 1 visits today)