Freak Attact Patch for Internet explorer

Microsoft Security Bulletin MS15-031 - Important

Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)

Published: March 10, 2015

Version: 1.0

 
 

 

Executive Summary

This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected.

This security update is rated Important for all supported releases of Microsoft Windows. For more information, see the Affected Software section.

The security update addresses the vulnerability by correcting the cipher suite enforcement policies that are used when server keys are exchanged between servers and client systems. For more information about the vulnerability, see the Vulnerability Information section.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 3046015.

https://technet.microsoft.com/en-US/library/security/MS15-031