Microsoft Addressed FREAK & Stuxnet Vulnerabilities

Microsoft has come up with the most important Patch Tuesday to address the “FREAK” security vulnerability, an encryption flaw that leaves device users vulnerable to having their electronic communications obstructed.

Microsoft’s regularly scheduled Patch Tuesday also included an updated patch for Stuxnet, a five-year-old vulnerability that affects windows operating system. Stuxnet is viewed as potentially the most dangerous piece of computer malware discovered. It’s been developed on an unrivalled scale and has the capability to target and control specified industrial machinery. Once the malware infects the system it can spread to other computers on the local intranet. It is not an internet-based piece of malware; it can spread through indirect internet usage.

The FREAK (Factoring RSA Export Keys) allows an attacker on your websites to use weakened encryption. Once a site’s encryption is cracked, hackers can then steal data such as passwords, and hijack elements on the page.

Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available. The restrictions were lifted in the late 1990s, but the weaker standards were already part of software used widely around the world, including Windows and the web browsers.

Microsoft confirmed that the encryption protocols used in all supported version of Windows were also vulnerable to the flaw. Microsoft has mentioned in its security bulletin that Apple’s Safari and Google’s Android browsers were also identified as being susceptible to the flaw.

Besides these two critical issues, the company has also revealed a set of other updates. Microsoft’s March 2015 Patch Tuesday update includes a total of 14 security-related updates for 43 vulnerabilities affecting Internet Explorer, VBscript, Text Services, Adobe Font Drivers, and Office.

Microsoft’s FREAK patch comes a day after the release of Apple iOS 8.2, which includes a fix designed to rectify the problem on Apple’s mobile devices. Google has also developed a fix and is issuing to device makers and wireless carriers.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 5 Techniques Hackers Use to hack Social Media Accounts

These days, Social Media have become a significant need in our everyday life. It encourages us to associate and connect with anyone over the...

5 Top Programming Languages for Hacking

We live in the 21st century, which is very fast-changing. This is a century of competition for information and computing resources. Every year the...

OSINT Tutorial to Track An Aircraft And Flight Information In Real-Time

No doubt Internet is said to be the world's largest repository of data and information. It contains an enormous amount of data related to...

Preventing SQL Injection in PHP Applications

SQL injection is one of the most common cybersecurity threats and as the name suggests, it is a form of injection attack. Injection attacks, on...