Microsoft Addressed FREAK & Stuxnet Vulnerabilities

Microsoft has come up with the most important Patch Tuesday to address the “FREAK” security vulnerability, an encryption flaw that leaves device users vulnerable to having their electronic communications obstructed.

Microsoft’s regularly scheduled Patch Tuesday also included an updated patch for Stuxnet, a five-year-old vulnerability that affects windows operating system. Stuxnet is viewed as potentially the most dangerous piece of computer malware discovered. It’s been developed on an unrivalled scale and has the capability to target and control specified industrial machinery. Once the malware infects the system it can spread to other computers on the local intranet. It is not an internet-based piece of malware; it can spread through indirect internet usage.

The FREAK (Factoring RSA Export Keys) allows an attacker on your websites to use weakened encryption. Once a site’s encryption is cracked, hackers can then steal data such as passwords, and hijack elements on the page.

Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available. The restrictions were lifted in the late 1990s, but the weaker standards were already part of software used widely around the world, including Windows and the web browsers.

Microsoft confirmed that the encryption protocols used in all supported version of Windows were also vulnerable to the flaw. Microsoft has mentioned in its security bulletin that Apple’s Safari and Google’s Android browsers were also identified as being susceptible to the flaw.

Besides these two critical issues, the company has also revealed a set of other updates. Microsoft’s March 2015 Patch Tuesday update includes a total of 14 security-related updates for 43 vulnerabilities affecting Internet Explorer, VBscript, Text Services, Adobe Font Drivers, and Office.

Microsoft’s FREAK patch comes a day after the release of Apple iOS 8.2, which includes a fix designed to rectify the problem on Apple’s mobile devices. Google has also developed a fix and is issuing to device makers and wireless carriers.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Top 10 things to Do After Installing Kali Linux

Kali Linux is considered to be one of the best hacking distribution of this era, it is developed by Offensive Security to give an...

Become a spy in your own right with Xnspy Android spying app

Having become widely popular among parents and employers, spying apps have become quite the norm nowadays. Android spying apps have made it a lot...

e-Services Portals Potentially Expose Government Infrastructure to File-based Attacks

More and more users are embracing technology to perform their day-to-day activities. It’s not only private businesses that are forced to establish digital channels...

What is Nmap? How to use Nmap for Information Gathering

Nmap stands for Network Mapper, a powerful network scanning and host detection tool that is being used to perform reconnaissance in a very first...