Microsoft has issued a security advisory stating that computer users running any of the supported releases of Microsoft Windows are all vulnerable to “FREAK”.
The recently discovered security vulnerability “FREAK”, which stands for Factoring RSA-EXPORT Keys, is a decade-old encryption flaw that leaves device users vulnerable to having their electronic communications intercepted when visiting any of hundreds of thousands of websites, including Whitehouse.gov, NSA.gov, FBI.gov, Bloomberg.com, MIT.edu, JCPenney.com, Cornell.edu, and USAJobs.gov.
Initially, the flaw was thought to affect only Apple’s Safari for iOS and OS X devices and all smartphones and tablets running on Google’s Chrome for Android. However, a security advisory released by Redmond says that the bug also affects the majority of its operating systems, including Windows Server 2003, Windows Server 2008, Windows Server 2012, Windows RT, Windows Vista, Windows 7, Windows 8, and Windows 8.1.
“Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system,” Microsoft’s security advisory, released Thursday, read.
“The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.”
Microsoft said it is “actively working” with its Microsoft Active Protections Program partners to provide early-access protection to Windows users.
“Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers,” the software maker said.
“This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.”