Friday, 6 March 2015

Microsoft Warns Of TLS / SSL Vulnerability In Windows


Not only Android and Apple users at risk revealed by this week " FREAK attack "on TLS / SSL, even Windows users are vulnerable, so let Microsoft know . Through the leak, an attacker who is between a target and the Internet is in some cases the encryption of the encrypted connection to downgrade to a weak encryption to crack then that and to see the encrypted traffic.

Initially it was claimed that Apple TLS / SSL clients such as Safari, and the standard Android browser were vulnerable.According to Microsoft, the problem is also present in all supported versions of Windows. In order to succeed, the attack is also requires that the server that the user a secure connection setup supports "RSA key exchange export ciphers". Research among 14 million websites shows that this at 36.7% is still the case. Several Internet companies, however, have indicated that export-grade encryption to phase out.

Or Microsoft comes up with an emergency patch for the problem is still unknown. The software giant says to investigate the problem and on that basis to decide whether an emergency patch appears that the update through the monthly patch cycle is distributed. Microsoft claims to have no information to suggest that Windows users have been attacked by the vulnerability. In anticipation of the update, Windows Users weak encryption itself off . However, this can ensure that Windows can not connect to systems that support only weak encryption.

Researchers develop Freakattack.com that are far more vulnerable browsers than assumed initially. On the website you will find a list of vulnerable clients. It comes to Internet Explorer, Chrome on Mac OS, Chrome on Android, Safari on Mac OS X, Safari on iOS, the default Android browser, Blackberry browser, Opera on Mac OS X and Opera on Linux. Chrome on Mac OS is now an update available. Updates for Safari should appear next week.

No comments:

Post a Comment