Microsoft releases patches for FREAK and Stuxnet security flaws

Microsoft issues fixes for the Stuxnet worm and the decade-old encryption flaw FREAK.

Published Date: 11 - Mar - 2015 | Last Updated: 11 - Mar - 2015

Microsoft has released security patches for the five-year-old Stuxnet bug and the decade-old FREAK security flaw, which leaves Apple and Android browsers vulnerable to hackers.

The Stuxnet security flaw was first spotted by German security researcher Michael Heerklotz. The security bugs are present in every version of Windows from Vista and Windows Server 2003 to the latest Windows 8.1 and Windows Server 2012 R2. Heerklotz reportedly disclosed the flaw to HP's Zero Day Initiative in January. The Stuxnet worm was allegedly created by the US government to infiltrate Iran's nuclear facility a few years ago. The previous patch issued in 2010 for the Stuxnet worm was not successful.

The decade-old FREAK flaw was discovered earlier this month and was rated "important" by Microsoft, the company's second-highest security ranking. Microsoft acknowledged that the encryption protocols used in all supported versions of Windows were also vulnerable to the flaw.

Researchers stated that there has been no evidence as yet that hackers had exploited the vulnerability, which was blamed on a former US encryption policy. The policy was abandoned in the 1990s, but the weaker standards were already part of software used widely around the world. Microsoft's patch comes a day after Apple released iOS 8.2, which includes a fix designed to resolve the issue on Apple's mobile devices, while Google is also working on a patch for the bug.

"This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems," Redmond said in the bulletin. "The security update addresses the vulnerability by correcting the cipher suite enforcement policies that are used when server keys are exchanged between servers and client systems."

Source: Microsoft