What if I were to tell you that there was a vulnerability in a major OS that went undetected for over a decade? Sounds ludicrous, right? Well, it happened. FREAK, a dangerous SSL/TLS flaw, has been lying in wait in all supported Microsoft Windows versions for over 10 years.
FREAK allows an attacker to force SSL clients to downgrade to weaker, breakable ciphers, which makes it possible to conduct man-in-the-middle attacks on encrypted HTTPS traffic between millions of websites and vulnerable end users. As of this writing, Microsoft is actively working on a patch to fix this vulnerability. FREAK must be contained and stopped, as 36% of all websites are vulnerable to this threat. For more details on FREAK, see: Microsoft: All Windows versions Vulnerable to FREAK Vulnerability