Microsoft: Windows PCs Also Vulnerable to 'Freak' Attacks

Before you go, we thought you'd like these...
Before you go close icon
JAPAN-US-IT-SOFTWARE-MICROSOFT
Yoshikazu Tsuno, AFP/Getty Images
By Jim Finkle

BOSTON -- Hundreds of millions of Windows PC users are vulnerable to attacks exploiting the recently uncovered "Freak" security vulnerability, which was initially believed to only threaten mobile devices and Mac computers, Microsoft (MSFT) warned.

News of the vulnerability surfaced Tuesday when a group of nine security experts disclosed that ubiquitous Internet encryption technology could make devices running Apple's (AAPL) iOS and Mac operating systems, along with Google's (GOOGL) Android browser vulnerable to cyber attacks.

Microsoft released a security advisory Thursday warning customers that their PCs were also vulnerable to the "Freak" vulnerability.

The weakness could allow attacks on PCs that connect with Web servers configured to use encryption technology intentionally weakened to comply with U.S. government regulations banning exports of the strongest encryption.

If hackers are successful, they could spy on communications as well as infect PCs with malicious software, the researchers who uncovered the threat said Tuesday.

The Washington Post reported Tuesday that whitehouse.gov and fbi.gov were among the sites vulnerable to these attacks, but that the government had secured them.

Microsoft advised system administrators to employ a workaround to disable settings on Windows servers that allow use of the weaker encryption. It said it was investigating the threat and had not yet developed a security update that would automatically protect Windows PC users from the threat.

"Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers," it said. The Redmond, Washington-based company said that might include providing a security update in a monthly software release or putting out an unscheduled update.

Chris Wysopal, chief technology officer with security software maker Veracode, noted that it was not possible to change that setting on Windows Server 2003, a version of Microsoft's operating system for servers that is more than a decade old.

Windows Server 2003 "remains vulnerable," Wysopal said. "There is nothing you can do if you are running a Web server on this OS."

Apple said it had developed a software update to address the vulnerability, which would be pushed out to customers next week.

Google said it had also developed a patch, which it provided to partners that make and distribute Android devices.

"Freak" stands for "Factoring RSA-EXPORT Keys."
Read Full Story

Want more news like this?

Sign up for Finance Report by AOL and get everything from business news to personal finance tips delivered directly to your inbox daily!

Subscribe to our other newsletters

Emails may offer personalized content or ads. Learn more. You may unsubscribe any time.

From Our Partners

Nature Gets Revenge On Safari Hunter Who Killed Elephants And Lions For Sport Nature Gets Revenge On Safari Hunter Who Killed Elephants And Lions For Sport
Don't Get Too Close To a Newborn Giraffe Unless You Want to Get Kicked in the Nuts Don't Get Too Close To a Newborn Giraffe Unless You Want to Get Kicked in the Nuts
Man Suspects His Wife Is Cheating On Him - Then His Daughter Reveals What's Really Going Man Suspects His Wife Is Cheating On Him - Then His Daughter Reveals What's Really Going