Microsoft Has Patched FREAK on Windows PCs

By Jamie Condliffe

Last week, it came to light that the decades-old FREAK security flaw affected every version of Windows. Now, a day after Apple, Microsoft has released patches for PCs running its operating system.

The FREAK flaw is found in a poor implementation of the encrypted links between browsers and websites. A team of security researchers was able to launch attacks from supposedly secure websites, forcing them to use weaker encryption than usual, which could be cracked within hours. The Microsoft patch prevents the SSL/TLS vulnerability from being exploited, ensuring encryption remains strong.

The security update bundle released by Microsoft also includes a fix for another old and well-known bug called Stuxnet. While a fix for that worm, which wriggled its way into Iran's nuclear facility a few years back, was first issued in 2010, clearly it didn't quite work as intended. Hopefully both work OK this time around. [Microsoft via PC World via Engadget]

Image by Kārlis Dambrāns under Creative Commons licence