Windows Vulnerable to FREAK

Microsoft confirms that most production versions of Windows are susceptible to the FREAK vulnerability in schannel (secure channel), where an attacker can force a downgrade in the SSL and then perform a man-in-the-middle attack. I last reported that FREAK only affected Google Android and Apple iPhone browsers.

mitm

Microsoft does suggest a work-around with a modification to the GPO (Found here), which doesn’t fix the problem but will lessen the likelihood a little.

This entry was posted in Security Blog and tagged , , , , , , , , , , , . Bookmark the permalink.