Lumension® Endpoint Intelligence Center

SSL/TLS cipher suite downgrade affects all supported Windows versions

2015/03/06

Softpedia - (International) Microsoft released a security advisory stating that Secure Channel (Schannel), used in all versions of Windows, is vulnerable to Factoring RSA Export Keys (FREAK) attacks. In a FREAK attack, a man-in-the-middle (MitM) forces the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) cryptographic protocols to use a weak RSA key, allowing hackers to decrypt HTTPS traffic. Microsoft has not yet specified a release date for patching the vulnerability.

Source: http://news.softpedia.com/news/SSL-TLS-Cipher-Suite-Downgrade-Affects-All-Supported-Windows-Versions-475080.shtml

Note: This news synopsis is taken from the DHS Daily Open Source Infrastructure Report, a daily [Monday through Friday, except US Federal holidays] summary of open-source published information concerning significant critical infrastructure issues; a 10-day archive of the DOSIR can be found at: http://www.dhs.gov/dhs-daily-open-source-infrastructure-report.


Last Updated: 27 May 2016 10:23:37