Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Microsoft Windows vulnerable to 'FREAK' encryption flaw too

06 Mar 2015   #1
Borg 386

Win 7 32 Home Premium, Win 7 64 Pro, Win 8.1, Win 10
 
 
Microsoft Windows vulnerable to 'FREAK' encryption flaw too

Quote:
Computers running all supported releases of Microsoft Windows are vulnerable to "FREAK," a decade-old encryption flaw that leaves device users vulnerable to having their electronic communications intercepted when visiting any of hundreds of thousands of websites, including Whitehouse.gov, NSA.gov and FBI.gov.

The flaw was previously thought to be limited to Apple's Safari and Google's Android browsers. But Microsoft warned that the encryption protocols used in Windows -- Secure Sockets Layer and its successor Transport Layer Security -- were also vulnerable to the flaw.

"Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system," Microsoft said in its advisory. "The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industrywide issue that is not specific to Windows operating systems."

Microsoft said it will likely address the flaw in its regularly scheduled Patch Tuesday update or with an out-of-cycle patch. In the meantime, Microsoft suggested disabling the RSA export ciphers.
http://www.cnet.com/news/windows-vul...tag=CAD090e536


My System SpecsSystem Spec
.
06 Mar 2015   #2
Seffrid

Windows 7 Home Premium 64
 
 

My System SpecsSystem Spec
06 Mar 2015   #3
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Checked and seems okay

Checked here:

https://freakattack.com/clienttest.html

Cyberfox, Airfox & Opera browsers all okay. Will check my other installed browsers too. Interesting that Cybefox shows the least number of cipher suites.
Microsoft Windows vulnerable to 'FREAK' encryption flaw too-client-check-cyberfox.jpg
Microsoft Windows vulnerable to 'FREAK' encryption flaw too-client-check-airfox.jpg
Microsoft Windows vulnerable to 'FREAK' encryption flaw too-client-check-opera.jpg


My System SpecsSystem Spec
.

06 Mar 2015   #4
Seffrid

Windows 7 Home Premium 64
 
 

I did a test with Chrome and that passed ok.

IE9 failed.
My System SpecsSystem Spec
06 Mar 2015   #5
Urthboundmisfit

Win 10 Pro x64, Win 7 Pro x64
 
 

FFox 36.0.1 OK

IE11 Failed.
My System SpecsSystem Spec
06 Mar 2015   #6
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 
Test IE 11

Quote   Quote: Originally Posted by Urthboundmisfit View Post
FFox 36.0.1 OK

IE11 Failed.
Maybe see what shows up here:

https://www.ssllabs.com/ssltest/view...0&frame_loaded

Which cipher suites are shown as a problem - if any?
My System SpecsSystem Spec
06 Mar 2015   #7
Callender

Microsoft Windows 7 Home Premium 64-bit 7601 Multiprocessor Free Service Pack 1
 
 

For IE users: Check if Windows is affected by the Freak Attack vulnerability - gHacks Tech News

Looks like it's time to switch to another browser until it's patced if you have any concerns/
My System SpecsSystem Spec
.
06 Mar 2015   #8
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

To pass the test in ie,
Simply go to Internet options/ Advanced/ Uncheck All ssl's and tsl's and only leave checked (tsl 1.2)
My System SpecsSystem Spec
06 Mar 2015   #9
M1GU31

Windows 10 64bit
 
 

I passed the test with default settings on IE but it's on win 10. Cyberfox passes too which is what I use.
My System SpecsSystem Spec
06 Mar 2015   #10
ThrashZone

Win-7-Pro64bit 7-H-Prem-64bit
 
 

Server 2003 is unaffected
My System SpecsSystem Spec
Reply

 Microsoft Windows vulnerable to 'FREAK' encryption flaw too




Thread Tools



Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 01:04.
Twitter Facebook