Microsoft Patches FREAK, Stuxnet Flaws2015-03-11 09:59 by Daniela
Tags: Microsoft, FREAK, Stuxnet
Microsoft has released its March Patch Tuesday fixes. Among the 14 patches is one that addresses the "FREAK" security vulnerability, a decade-old encryption flaw that has been found recently. The bulletin (MS15-031) is rated "important," Microsoft's second highest ranking security ranking and comes just a week after Microsoft admitted that the encryption protocols used in all supported version of Windows were also vulnerable to the flaw.
"This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems," Redmond said in the bulletin. "The security update addresses the vulnerability by correcting the cipher suite enforcement policies that are used when server keys are exchanged between servers and client systems."
The updates also include a fix for another old and well-known bug called Stuxnet. Although other fixes for the problem have been in the wild for years, they obviously didn't work as intended.
Another five 'critical' updates fix flaws in Internet Explorer, Windows, Windows VBScript Scripting Engine, Windows Adobe Font Driver and Microsoft Server in Office.
Read more -here-