This week brought yet another software security flaw that went undiscovered for many years. You can learn all about it here: Old Government Policies Influenced the FREAK Security Flaw.
Not long after FREAK made the news, several vendors stated that fixes were on the way. Google and Apple made notable public statements on the issue. Microsoft, however, remained quiet, and many assumed that maybe this flaw didn't exist in Windows systems.
Today we learn that is not the case.
Microsoft has today released its own security advisory, number 3046015, announcing that it is investigating the situation and hopes to develop a fix. Additionally, the company has supplied interim workarounds to disable RSA key exchange export ciphers. A server needs to support RSA key exchange export ciphers for an attack to be successful. Pretty much every version of Windows (client and server) has the potential to be vulnerable.
The full advisory is here: Microsoft Security Advisory 3046015
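
Because the attack depends on RSA key exchange export ciphers being offered, a useful check is to audit a configured cipher suite order for them. The following is an added example, not code from Microsoft or the advisory: it classifies suites by their standard IANA/Schannel-style or OpenSSL-style names, and it separates RSA-export suites from export suites that use a different key exchange. The function names and the sample list are constructed for illustration.

```python
import re

# IANA/Schannel-style names: the key exchange is the text between TLS_ and _WITH_.
_IANA = re.compile(r"^(?:TLS|SSL)_(?P<kx>[A-Z0-9_]+?)_WITH_")
# OpenSSL-style export names whose second token shows a non-RSA key exchange.
_OPENSSL_NON_RSA_KX = {"EDH", "DHE", "ADH", "KRB5"}


def classify(suite):
    """Return 'rsa_export', 'other_export' or 'ok' for one cipher suite name."""
    name = suite.strip().upper()
    m = _IANA.match(name)
    if m:
        kx = m.group("kx")
        if kx in ("RSA_EXPORT", "RSA_EXPORT1024"):
            return "rsa_export"
        return "other_export" if "EXPORT" in kx else "ok"
    if name.startswith("EXP"):  # OpenSSL marks export suites EXP- / EXP1024-
        parts = name.split("-")
        if len(parts) > 1 and parts[1] in _OPENSSL_NON_RSA_KX:
            return "other_export"
        return "rsa_export"
    return "ok"


def audit(order):
    """Split a comma-separated suite order into (rsa_export, other_export, kept)."""
    rsa_export, other_export, kept = [], [], []
    for suite in filter(None, (s.strip() for s in order.split(","))):
        verdict = classify(suite)
        if verdict == "rsa_export":
            rsa_export.append(suite)  # dropped from the cleaned order
            continue
        if verdict == "other_export":
            other_export.append(suite)  # kept, but reported for review
        kept.append(suite)
    return rsa_export, other_export, kept


# Constructed sample order (naming styles mixed on purpose), not from a real host.
SAMPLE = ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_RSA_WITH_AES_128_CBC_SHA,"
          "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,"
          "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,EXP-RC2-CBC-MD5,EXP-EDH-RSA-DES-CBC-SHA")

if __name__ == "__main__":
    flagged, review, kept = audit(SAMPLE)
    print("RSA export suites to disable:", flagged)
    print("Other export suites to review:", review)
    print("Cleaned order:", ",".join(kept))
```

The cleaned order removes only the RSA-export suites the advisory's workaround targets; other export-grade suites are listed separately so they can be reviewed on their own.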