Microsoft Addressed FREAK & Stuxnet Vulnerabilities
Microsoft has come up with the most important Patch Tuesday to address the "FREAK" security vulnerability, an encryption flaw that leaves device users vulnerable to having their electronic communications obstructed.
Microsoft's regularly scheduled Patch Tuesday also included an updated patch for Stuxnet, a five-year-old vulnerability that affects windows operating system. Stuxnet is viewed as potentially the most dangerous piece of computer malware discovered. It's been developed on an unrivalled scale and has the capability to target and control specified industrial machinery. Once the malware infects the system it can spread to other computers on the local intranet. It is not an internet-based piece of malware; it can spread through indirect internet usage.
The FREAK (Factoring RSA Export Keys) allows an attacker on your websites to use weakened encryption. Once a site's encryption is cracked, hackers can then steal data such as passwords, and hijack elements on the page.
Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available. The restrictions were lifted in the late 1990s, but the weaker standards were already part of software used widely around the world, including Windows and the web browsers.
Microsoft confirmed that the encryption protocols used in all supported version of Windows were also vulnerable to the flaw. Microsoft has mentioned in its security bulletin that Apple's Safari and Google's Android browsers were also identified as being susceptible to the flaw.
Besides these two critical issues, the company has also revealed a set of other updates. Microsoft's March 2015 Patch Tuesday update includes a total of 14 security-related updates for 43 vulnerabilities affecting Internet Explorer, VBscript, Text Services, Adobe Font Drivers, and Office.
Microsoft's FREAK patch comes a day after the release of Apple iOS 8.2, which includes a fix designed to rectify the problem on Apple's mobile devices. Google has also developed a fix and is issuing to device makers and wireless carriers.
Microsoft's regularly scheduled Patch Tuesday also included an updated patch for Stuxnet, a five-year-old vulnerability that affects windows operating system. Stuxnet is viewed as potentially the most dangerous piece of computer malware discovered. It's been developed on an unrivalled scale and has the capability to target and control specified industrial machinery. Once the malware infects the system it can spread to other computers on the local intranet. It is not an internet-based piece of malware; it can spread through indirect internet usage.
The FREAK (Factoring RSA Export Keys) allows an attacker on your websites to use weakened encryption. Once a site's encryption is cracked, hackers can then steal data such as passwords, and hijack elements on the page.
Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available. The restrictions were lifted in the late 1990s, but the weaker standards were already part of software used widely around the world, including Windows and the web browsers.
Microsoft confirmed that the encryption protocols used in all supported version of Windows were also vulnerable to the flaw. Microsoft has mentioned in its security bulletin that Apple's Safari and Google's Android browsers were also identified as being susceptible to the flaw.
Besides these two critical issues, the company has also revealed a set of other updates. Microsoft's March 2015 Patch Tuesday update includes a total of 14 security-related updates for 43 vulnerabilities affecting Internet Explorer, VBscript, Text Services, Adobe Font Drivers, and Office.
Microsoft's FREAK patch comes a day after the release of Apple iOS 8.2, which includes a fix designed to rectify the problem on Apple's mobile devices. Google has also developed a fix and is issuing to device makers and wireless carriers.
