Microsoft Addressed FREAK & Stuxnet Vulnerabilities

Microsoft has released an important Patch Tuesday update to address the “FREAK” security vulnerability, an encryption flaw that leaves device users vulnerable to having their electronic communications intercepted.

Microsoft’s regularly scheduled Patch Tuesday also included an updated patch for Stuxnet, a five-year-old vulnerability that affects the Windows operating system. Stuxnet is viewed as potentially the most dangerous piece of computer malware discovered. It was developed on an unrivalled scale and has the capability to target and control specified industrial machinery. Once the malware infects a system, it can spread to other computers on the local intranet. It is not an internet-based piece of malware; it can spread through indirect internet usage.

The FREAK (Factoring RSA Export Keys) flaw allows an attacker to force your websites to use weakened encryption. Once a site’s encryption is cracked, hackers can then steal data such as passwords and hijack elements on the page.

Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available. The restrictions were lifted in the late 1990s, but the weaker standards were already part of software used widely around the world, including Windows and the web browsers.

Microsoft confirmed that the encryption protocols used in all supported versions of Windows were also vulnerable to the flaw. Microsoft has mentioned in its security bulletin that Apple’s Safari and Google’s Android browsers were also identified as being susceptible to the flaw.

Besides these two critical issues, the company has also revealed a set of other updates. Microsoft’s March 2015 Patch Tuesday update includes a total of 14 security-related updates for 43 vulnerabilities affecting Internet Explorer, VBScript, Text Services, Adobe Font Drivers, and Office.

Microsoft’s FREAK patch comes a day after the release of Apple iOS 8.2, which includes a fix designed to rectify the problem on Apple’s mobile devices. Google has also developed a fix and is issuing it to device makers and wireless carriers.

Ehacking Staff