Suggested workaround to mitigate the FREAK issue on Windows systems

Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. The vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems.

Microsoft recommends administrators to disable RSA key exchange ciphers using the Group Policy Object Editor (Windows Vista and later systems only). However, this means that such Windows systems will fail to connect to other systems that do not support any of the ciphers listed in the workaround. To determine which ciphers are available for each cryptographic protocol, refer to Cipher Suites in Schannel.

Read MS Security Advisory in full here – https://technet.microsoft.com/en-us/library/security/3046015

Leave a Comment

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top