Microsoft has stated that the SSL/TLS implementations in all versions of Windows are vulnerable to attacks that exploit the FREAK flaw.
This means that if you use Windows, an intruder on your network may be able to force Internet Explorer and other Windows programs that use Secure Channel (Schannel) to use weak encryption over the web.
Degraded HTTPS connections can be easily broken, exposing sensitive data such as login cookies and banking information.
"Microsoft is aware of a vulnerability in Schannel that affects all supported versions of Windows.
"Our research has verified that the vulnerability could allow an attacker to force the downgrading of applications that use SSL/TLS connections to a Windows client system."
The company also says that at the time of writing there were no attacks!
The bug (CVE-2015-1637) in Windows' Secure Channel component is not thought to be under active attack by eavesdroppers at the time of writing.
Microsoft probably wants to reassure its customers, in effect saying "the vulnerability exists in all our systems, but stay calm".
As mentioned in a previous article, the FREAK vulnerability (Factoring attack on RSA-EXPORT Keys) allows an attacker to decrypt cookies and other sensitive information from the HTTPS connections of vulnerable browsers.
So far, versions of Google Chrome for OS X prior to 41.0.2272.76 and for BlackBerry OS 10.3 are known to be vulnerable. Users can visit freakattack.com to see if they are safe.
It is also worth mentioning that hundreds of cloud service providers have not fixed the vulnerability. Skyhigh Networks reports that 766 cloud services were still at risk one day after FREAK appeared, based on an analysis of more than 10,000 different services.