UPDATE – FREAK SSL vulnerability

matrix-434037_1280Following our article yesterday where we shared insight on the security vulnerability ‘FREAK’ we have now received an update in relation to fixes.

What fixes are available?

Microsoft have now released a fix to address the FREAK vulnerability. This has been released as part of their monthly patch cycle.

Microsoft have rated the patch as ‘important’

Flair 4 IT Managed Service customers

Flair 4 IT clients that have a Managed Service benefit from automatic patching so will receive this update over the coming days.

 

If you are unsure how FREAK may impact your IT set up why not get in touch and see how the Flair 4 IT team can help.


FREAK – SSL vulnerability

matrix-434037_1280If you’re involved in or, have an interest in IT it’s likely that you have heard news recently about a security vulnerability that has been discovered in the SSL protocol.

This vulnerability has been given the name ‘FREAK’.

What is SSL?

SSL is the protocol that is used to communicate with secure web servers. Many software programs also make frequent use of SSL.

Who is at risk?

Those that are at risk of FREAK are more likely to be organisations with web servers that may not be properly configured and, those that have a vulnerable web browser. It requires both ends – the server and the browser – to be vulnerable.

What is the risk?

The potential risk of this vulnerability is that individuals that know how to, could potentially intercept encrypted traffic and force it to use a weaker encryption that they are then able to decipher.

What is the level of risk?

Our Technical experts at Flair 4 IT are currently treating the risk as low because:

  • There are no known exploits currently available
  • The method of attack is complex, and it requires the use of specific browsers and servers

What is being done?

Microsoft are currently working on a fix for all versions of Windows and Windows servers. We believe this should be available in the near future. Other browsers including Chrome and Firefox on Windows have already been patched.

What can you do in the short term? 

Whilst Flair 4 IT do not believe this is something to be excessively concerned over for most organisations in the short term, we do recommend if you are worried to simply use Firefox or Chrome as your web browser.