Windows PC users are susceptible to being attacked exploiting the newly exposed “Freak” security vulnerability. At first it was believed that this would not affect the hundreds of millions of Windows PC users, but only threaten mobile devices and Mac computers, according to the warnings provided by Microsoft Corp.
This news emerged on Tuesday when a team of 9 security experts revealed the ubiquitous Internet encryption technology has the ability to make devices running Apple Inc’s iOS and Mac operating systems, as well as Google Inc’s Android browser susceptible to cyber-attacks.
On Thursday, Microsoft has released a security advisory warning its customers that their PCs were also prone to the “Freak” vulnerability.
The weak point may facilitate attacks on PCs which connect with Web servers configured to employ encryption technology purposely weakened to abide by the U.S. government regulations prohibiting the exports of the most powerful encryption.
Researchers uncovering the threat stated that if hackers succeed then they would be able to spy on people communicating as well as infect the PCs with malicious software. It has been reported that the whitehouse.gov and fbi.gov were also among the sites prone to this attack but government has taken measures to secure them.
It has been advised by Microsoft that system administrators make use of a workaround for disabling settings on Windows servers which permit the use of this weaker encryption. Investigation is still going on but a security update to automatically protect users has not been developed yet. “Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers,” it said. They may include providing a security update in a monthly software release or putting out an unscheduled update.
Chief technology officer with security software maker Veracode, Chris Wysopal, made notes that it was impossible to change that setting on Windows Server 2003, a version of Microsoft’s operating system for servers that is more than a decade old.
According to Wysopal, Windows Server 2003 “remains vulnerable”. “There is nothing you can do if you are running a Web server on this OS.”
Apple informed that it had developed a software update to deal with the vulnerability, and that shall be pushed out to customers the upcoming week.
Google also informs that it had developed a patch, which it provided to partners that produce and distribute Android devices.
