Microsoft issues 14 bulletins on Patch Tuesday, mitigates FREAK attacks


On Patch Tuesday, Microsoft issued 14 bulletins for 43 vulnerabilities in its products, including an issue that could allow exploitation of a SSL/TLS vulnerability, dubbed FREAK.

To thwart FREAK attacks, the tech giant plugged a security feature bypass vulnerability (CVE-2015-1637) in Schannel. The patch, MS15-031, was one of nine Microsoft bulletins ranked “important” this month, and corrected the cipher suite enforcement policies used when server keys are exchanged between servers and clients systems, the bulletin explained.

“The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems,” the company said.

Critical patches in the Patch Tuesday bunch consisted of five bulletins: a cumulative security update for Internet Explorer (IE), a fix for a vulnerability in Windows’ VBScript scripting engine which could allow remote code execution (RCE), and patches for bugs in Microsoft Office, Adobe Font Driver and Windows which could also allow RCE.

VIA: SC Magazine

  • OSTater

    Today, I have three of my W8 customers PC/Laptops lock up at the sign-on screen after rebooting from today’s patch Tuesday MS Updates! Not a joke. One has an HP W8.1 Laptop, another has an HP W8.1 PC and the other has a Dell W8.1 PC. All of them are stuck at the sign-on (actually after attempting to sign-on). The computers just seem to be finishing the update cycle (the HDDs are very busy) and then after a few minutes the drives slow down but the desktops never show up. If you run task manager there (ctrl-alt-del) you will see that “Explorer.exe” is not running. If you attempt to launch it (via the task manager’s “file/run” dialog explorer.exe just immediately stops and disappears! Can’t launch it at all. You can launch “cmd.exe” but of course you can’t login with it, etc…

    This is a BIG f.up that will cause a lot of down time (possible re-installs of W8 OS and of course what happens after the system is re-installed? Will the same MS-Updates cause the same problem?

    Anybody else run into this today?