
Vulnerability in Schannel Could Allow Security Feature Bypass


5 replies to this topic

#1 NickAu

Posted 06 March 2015 - 12:04 AM

 

 

Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Mitigating Factors
  • A server needs to support RSA key exchange export ciphers for an attack to be successful.

Recommendation
  • Please see the Suggested Actions section of this advisory for workarounds to disable the RSA export ciphers. Microsoft recommends that customers use these workarounds to mitigate this vulnerability.

 

Read more here.

https://technet.microsoft.com/en-us/library/security/3046015

 

Also here.

“FREAK” flaw in Android and Apple devices cripples HTTPS crypto protection


#2 yu gnomi

Posted 06 March 2015 - 12:24 AM

https://technet.microsoft.com/en-us/library/security/3046015#_Apply_Workarounds

 

Suggested Actions
 
Apply Workarounds
Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available.

  • Disable RSA key exchange ciphers using the Group Policy Object Editor 

 
 
So, what can I do if my version of Windows lacks the requisite group policy editor?


Edited by yu gnomi, 06 March 2015 - 12:37 AM.
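
An added example, not part of the original thread or of Microsoft's advisory: one way to audit a cipher suite order string for the RSA export suites that the workaround quoted above is meant to disable. It assumes the order is given as a comma-separated list of suite names; the function name `audit_cipher_order` and the sample list are constructed for illustration.

```python
import re

# RSA key exchange with export-grade keys: the suites FREAK downgrades to.
RSA_EXPORT = re.compile(r"^(TLS|SSL)_RSA_EXPORT(1024)?_WITH_", re.IGNORECASE)
# Any other suite whose name marks it as export-grade (e.g. EXPORT40 variants).
ANY_EXPORT = re.compile(r"EXPORT", re.IGNORECASE)


def audit_cipher_order(order: str) -> dict:
    """Classify a comma-separated cipher suite order and build a cleaned one."""
    seen, rsa_export, other_export, kept = set(), [], [], []
    for raw in order.split(","):
        name = raw.strip()
        if not name or name.upper() in seen:   # skip blanks and duplicates
            continue
        seen.add(name.upper())
        if RSA_EXPORT.match(name):
            rsa_export.append(name)
        elif ANY_EXPORT.search(name):
            other_export.append(name)
        else:
            kept.append(name)                  # original priority is preserved
    return {
        "rsa_export": rsa_export,
        "other_export": other_export,
        "hardened_order": ",".join(kept),
    }


# Constructed sample input, not taken from the advisory or from a real host.
SAMPLE_ORDER = (
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256, TLS_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,tls_rsa_export_with_rc4_40_md5,"
    "SSL_CK_RC4_128_EXPORT40_WITH_MD5,,TLS_RSA_WITH_AES_128_CBC_SHA"
)

if __name__ == "__main__":
    report = audit_cipher_order(SAMPLE_ORDER)
    for name in report["rsa_export"]:
        print("RSA export suite enabled:", name)
    for name in report["other_export"]:
        print("other export-grade suite:", name)
    print("order without export suites:", report["hardened_order"])
```
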


#3 Sintharius


Posted 06 March 2015 - 01:25 AM

They'll probably release a Fixit for Home Premium and below versions.

Alex

#4 Grimey


Posted 08 March 2015 - 12:27 AM

According to Freakattack.com, Chrome and Firefox on Windows should not be vulnerable. When I access the site with either one, it says my browser is vulnerable. They are both updated. It also says that if they do show as vulnerable, it is probably due to interference with an antivirus program that is intercepting TLS connections from the browser. I have Avast installed. I disabled the Active Protection features on Avast, but it made no difference. I also have Winpatrol, MBAM scanner, and Superantispyware scanner installed. I also have Sandboxie, but it makes no difference if I make the test in, or out of the sandbox. Can you advise me? Thanks!



#5 Sintharius


Posted 08 March 2015 - 12:40 AM

Quoting from NickAu's link...

Additional Suggested Actions

  • Protect your PC
    We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.
  • Keep Microsoft Software Updated
    Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.

If you have Sandboxie, it's best that you continue using it.

Alex

#6 Grimey


Posted 08 March 2015 - 01:57 AM

Turned off all the Winpatrol functions, then tried again with Firefox at https://www.ssllabs.com/ssltest/viewMyClient.html

Now it reports I'm not vulnerable. :)

 

I guess the question now is: Am I at more risk on the internet now with Winpatrol off, but the Freak vulnerability covered, or with it on, and the security it provides in other areas, but open to Freak?  :unsure:


Edited by Grimey, 08 March 2015 - 06:47 PM.




