Microsoft Addressed FREAK & Stuxnet Vulnerabilities

Microsoft has come up with the most important Patch Tuesday to address the “FREAK” security vulnerability, an encryption flaw that leaves device users vulnerable to having their electronic communications obstructed.

Microsoft’s regularly scheduled Patch Tuesday also included an updated patch for Stuxnet, a five-year-old vulnerability that affects windows operating system. Stuxnet is viewed as potentially the most dangerous piece of computer malware discovered. It’s been developed on an unrivalled scale and has the capability to target and control specified industrial machinery. Once the malware infects the system it can spread to other computers on the local intranet. It is not an internet-based piece of malware; it can spread through indirect internet usage.

The FREAK (Factoring RSA Export Keys) allows an attacker on your websites to use weakened encryption. Once a site’s encryption is cracked, hackers can then steal data such as passwords, and hijack elements on the page.

Researchers said there was no evidence hackers had exploited the vulnerability, which they blamed on a former US policy that banned US companies from exporting the strongest encryption standards available. The restrictions were lifted in the late 1990s, but the weaker standards were already part of software used widely around the world, including Windows and the web browsers.

Microsoft confirmed that the encryption protocols used in all supported version of Windows were also vulnerable to the flaw. Microsoft has mentioned in its security bulletin that Apple’s Safari and Google’s Android browsers were also identified as being susceptible to the flaw.

Besides these two critical issues, the company has also revealed a set of other updates. Microsoft’s March 2015 Patch Tuesday update includes a total of 14 security-related updates for 43 vulnerabilities affecting Internet Explorer, VBscript, Text Services, Adobe Font Drivers, and Office.

Microsoft’s FREAK patch comes a day after the release of Apple iOS 8.2, which includes a fix designed to rectify the problem on Apple’s mobile devices. Google has also developed a fix and is issuing to device makers and wireless carriers.

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...