The FREAK (Factoring RSA-EXPORT Keys) security vulnerability was initially thought to be a threat only to Macs and Android-based smartphones and tablets.
However, on March 5, 2015, Microsoft released a security advisory stating that Windows PCs running any of the supported releases of Windows are also vulnerable to the FREAK security vulnerability.
According to Microsoft's investigation, FREAK affects the majority of its operating systems, including Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows RT, Windows Vista, Windows 7, Windows 8, and Windows 8.1.
What is FREAK Vulnerability?
FREAK is a vulnerability rooted in old export-grade encryption that allows attackers to intercept electronic communications with any of countless websites, including Whitehouse.gov, FBI.gov, Bloomberg.com, MIT.edu, Cornell.edu and USAJobs.gov. The vulnerability allows an attacker who can intercept the connection to force a downgrade of the cipher suites used in an SSL/TLS connection between a client and a server to the weak export-grade RSA suites.
A successful attack allows the attacker to infect the system with malicious code, spy on electronic communications and steal confidential user data.
Security experts believe that the FREAK vulnerability is relatively difficult to exploit, because an attacker would need many hours of computer time to find a vulnerable web server, break its key, find a vulnerable computer or mobile device and gain access to these systems.
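The downgrade described above shows up on the wire as a server selecting an RSA_EXPORT cipher suite. The following added example, not from the original article or from any vendor advisory, parses a TLS ClientHello and ServerHello and flags that condition, so a defender can audit a server or a packet capture; the hello records it checks are constructed inline as sample data, and the suite codes are the RFC 2246 values.

```python
import struct
# IANA codes of the RSA_EXPORT cipher suites (RFC 2246) that a FREAK downgrade
# forces a connection onto: 40-bit ciphers keyed via an RSA export key.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}

def _after_session_id(record, handshake_type):
    """Bytes following session_id in a ClientHello (1) or ServerHello (2) record."""
    # record header: type(1) version(2) length(2); handshake header: type(1) length(3)
    if len(record) < 9 or record[0] != 0x16 or record[5] != handshake_type:
        raise ValueError("not the expected TLS handshake message")
    pos = 9 + 2 + 32                      # skip client/server version and random
    pos += 1 + record[pos]                # skip length-prefixed session_id
    return record[pos:]

def client_offered_suites(record):
    """Cipher-suite codes offered in a ClientHello."""
    body = _after_session_id(record, 0x01)
    (n,) = struct.unpack("!H", body[:2])
    if n % 2 or len(body) < 2 + n:
        raise ValueError("truncated cipher_suites vector")
    return [struct.unpack("!H", body[2 + i:4 + i])[0] for i in range(0, n, 2)]

def server_selected_suite(record):
    return struct.unpack("!H", _after_session_id(record, 0x02)[:2])[0]  # chosen suite

def detect_export_downgrade(client_record, server_record):
    """Return (suite_name, injected) if the server selected an RSA_EXPORT suite,
    else None. 'injected' is True when the client never offered that suite, the
    signature of someone rewriting the ClientHello in transit. Either way the
    server still accepts export suites and must be reconfigured."""
    chosen = server_selected_suite(server_record)
    if chosen not in EXPORT_SUITES:
        return None
    return EXPORT_SUITES[chosen], chosen not in client_offered_suites(client_record)

def build_hello(handshake_type, suites):
    """Constructed sample data: minimal TLS 1.0 ClientHello (type 1) or ServerHello (type 2)."""
    body = b"\x03\x01" + bytes(32) + b"\x00"                # version, random, empty session_id
    if handshake_type == 0x01:
        body += struct.pack("!H", 2 * len(suites))
        body += b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00"
    else:
        body += struct.pack("!H", suites[0]) + b"\x00"      # cipher_suite, null compression
    hs = bytes([handshake_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```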
How to fix FREAK?
As a workaround, Microsoft has advised administrators to disable the settings on Windows systems that allow use of the weaker encryption. Microsoft said it is still examining the threat in detail and has yet to develop an update that would protect Windows PCs from this vulnerability. It may provide a security update through its monthly release process (Patch Tuesday) or as an out-of-cycle security update.
Apple said it has developed a software update that will be pushed out to customers next week.
Google has also developed a patch, which will soon be distributed to Android device makers.