
(Computerworld) – Microsoft on Thursday confirmed that Windows was vulnerable to FREAK attacks, and researchers changed their tune, saying Internet Explorer (IE) users were at risk.
The news was a turnabout from earlier in the week, when researchers initially fingered only Apple’s iOS and OS X and Google’s Android operating systems as those that could fall victim to cybercriminals spying on purportedly secure communications between browsers and website servers.
By adding Windows to the list, the number of jeopardized users jumped dramatically: Windows powered 92% of all personal computers last month.
In a security advisory released Thursday, Microsoft said Windows was, in fact, vulnerable to FREAK (Factoring attack on RSA-EXPORT Keys).
“Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows,” Microsoft said in the advisory. “Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system.”