Date: 2015/03/14
According to “cnet”, Microsoft released a Windows update Tuesday to address the "FREAK" security vulnerability, a decade-old encryption flaw that leaves device users vulnerable to having their electronic communications intercepted.
The update -- among 14 bulletins issued as part of Microsoft's regularly scheduled Patch Tuesday - also included an updated patch for Stuxnet, a sophisticated computer virus Microsoft said it addressed five years ago. The FREAK bulletin -- rated "important," Microsoft's second highest ranking security ranking -- came less than a week after Microsoft acknowledged that the encryption protocols used in all supported version of Windows were also vulnerable to the flaw.
In its security bulletin announcing the fix, released as part of Microsoft's regularly scheduled Patch Tuesday, Microsoft noted that Apple's Safari and Google's Android browsers were also identified as being susceptible to the flaw.
Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available.
Microsoft's update also revisited Stuxnet, a highly destructive worm thought to have been developed jointly in secret by US and Israel to infect a nuclear enrichment facility in Iran in 2010. Rather than steal data, Stuxnet left a back door meant to be accessed remotely to allow outsiders to stealthily knock the facility offline and at least temporarily cripple Iran's nuclear program. While Microsoft issued a patch in 2010 to close a hole being used by the Stuxnet to infect PCs, Tuesday's update addressed a pair of remote code execution vulnerabilities.
- 8