Microsoft issues 14 bulletins on Patch Tuesday, mitigates FREAK attacks


On Patch Tuesday, Microsoft issued 14 bulletins for 43 vulnerabilities in its products, including an issue that could allow exploitation of an SSL/TLS vulnerability dubbed FREAK.

To thwart FREAK attacks, the tech giant plugged a security feature bypass vulnerability (CVE-2015-1637) in Schannel. The patch, MS15-031, was one of nine Microsoft bulletins ranked “important” this month, and corrected the cipher suite enforcement policies used when server keys are exchanged between servers and client systems, the bulletin explained.

“The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems,” the company said.

Critical patches in the Patch Tuesday bunch consisted of five bulletins: a cumulative security update for Internet Explorer (IE), a fix for a vulnerability in Windows’ VBScript scripting engine which could allow remote code execution (RCE), and patches for bugs in Microsoft Office, Adobe Font Driver and Windows which could also allow RCE.

VIA: SC Magazine