Microsoft has issued a security warning for its fans, primarily against the FREAK bug. This attack affects hundreds of millions of Windows OS users.
Discovered by encryption and security expert Karthikeyan Bharyagavan, the FREAK bug, or "Factoring Attack on RSA-EXPORT Keys," was designed to affect information flow online. The FREAK bug is found in softwares used for encryption, and it forces data streams between a vulnerable site and a visitor to both downgrade their encryption, making it weaker. In turn, it will be much easier for attackers to open data and steal confidential information.
The FREAK bug surfaced early this month as a result of security experts discovering that a bypass in encryption technology makes for vulnerability to cyber attacks. Initial information available first points the bug to affect only users of Android and Blackberry phones, and the Safari Web browser.
However, Microsoft released a statement on its Security Center, warning people that their PCs could also be vulnerable to attacks. In the advisory, the company said that every version of Windows, even the most current one that uses Internet Explorer or any non-proprietary Microsoft software that calls on part of the operating system called "Secure Channel," is susceptible to the FREAK flaw.
The company also issued an advice on how to remove the weakness from some of Microsoft's software, but also warned that these quick fixes could have serious effects on some other programs. Microsoft also said that it is now working on an independent security update to remove the bug from its OS.
Apple is most likely to produce a patch for the flaw next week, and Google has already updated its version of Chrome for Mac to remove any vulnerability to FREAK. There is no definite information yet when the flaw is expected to be flushed from Android.