Microsoft yesterday released Security Advisory 3046015, which confirmed that a vulnerability in Schannel (the FREAK security bug) could allow a security feature bypass in Windows. The vulnerability could allow a man-in-the-middle (MitM) attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system to weaker individual ciphers that are disabled but are part of a cipher suite that is enabled.
Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.
We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.
Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
How could an attacker exploit the vulnerability?
In a MitM attack, an attacker could downgrade an encrypted SSL/TLS session and force client systems to use a weaker RSA export cipher. The attacker could then intercept and decrypt this traffic.
What might an attacker use this vulnerability to do?
An attacker who successfully exploited this vulnerability could facilitate man-in-the-middle attacks that could decrypt encrypted traffic.
What causes the vulnerability?
The vulnerability is caused by an issue in the TLS state machine in Schannel.
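The three FAQ answers above describe the attack in a few words; the following simulation is an added example (not Microsoft's code and not part of the advisory) that plays out the downgrade against a client whose handshake state machine has the flaw, and then against one that enforces the TLS rule that a plain RSA suite has no ServerKeyExchange. Messages are plain Python objects, RSA keys are represented only by their bit length, and the attacker's ability to factor a 512-bit export key is assumed rather than carried out (FACTORABLE_BITS); the suite names are real IANA names, but the suite table, the server's supported list and the client's offer are all constructed for the example.

```python
"""Simulation of the FREAK downgrade against a TLS client's handshake state machine.

Added example, not Microsoft's or the page's own code. Handshake messages are
plain Python objects; RSA keys are represented only by their bit length, and the
attacker's ability to factor a 512-bit export key is assumed, not performed.
Suite names are real IANA names; the tables and message flows are constructed.
"""
from dataclasses import dataclass

# Key-exchange method per suite (constructed subset).
SUITES = {
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": "ECDHE",
    "TLS_RSA_WITH_AES_128_CBC_SHA": "RSA",
    "TLS_RSA_EXPORT_WITH_RC4_40_MD5": "RSA_EXPORT",
}
# Suites whose handshake legitimately carries a ServerKeyExchange. RFC 5246 7.4.3:
# it is not sent for plain RSA key exchange.
NEEDS_SERVER_KEY_EXCHANGE = {"ECDHE", "DHE", "RSA_EXPORT"}
EXPORT_KEY_BITS = 512   # size of the temporary RSA key an RSA_EXPORT suite sends
FACTORABLE_BITS = 512   # assumption: the attacker can factor keys up to this size


@dataclass
class Message:
    kind: str
    body: dict


class Server:
    """A server that still enables export suites alongside modern ones."""

    def __init__(self, supported):
        self.supported = supported

    def respond(self, client_hello):
        chosen = next(s for s in client_hello.body["suites"] if s in self.supported)
        flight = [Message("ServerHello", {"suite": chosen}),
                  Message("Certificate", {"rsa_bits": 2048})]
        kx = SUITES[chosen]
        if kx == "RSA_EXPORT":
            # Export suite: a temporary 512-bit RSA key, signed with the certificate key.
            flight.append(Message("ServerKeyExchange", {"rsa_bits": EXPORT_KEY_BITS}))
        elif kx in ("ECDHE", "DHE"):
            flight.append(Message("ServerKeyExchange", {"ephemeral_dh": True}))
        flight.append(Message("ServerHelloDone", {}))
        return flight


class Client:
    """TLS client; `hardened` selects a state machine that enforces RFC 5246."""

    def __init__(self, offered, hardened):
        self.offered = list(offered)
        self.hardened = hardened

    def hello(self):
        return Message("ClientHello", {"suites": list(self.offered)})

    def process(self, flight):
        """Consume the server flight and return (kx_method, rsa_bits) describing how
        the premaster secret will be protected. Raises ValueError on a violation."""
        negotiated, cert_bits, temp_bits = None, None, None
        for m in flight:
            if m.kind == "ServerHello":
                if m.body["suite"] not in self.offered:
                    raise ValueError("server selected a suite the client did not offer")
                negotiated = m.body["suite"]
            elif m.kind == "Certificate":
                cert_bits = m.body["rsa_bits"]
            elif m.kind == "ServerKeyExchange":
                if self.hardened and SUITES[negotiated] not in NEEDS_SERVER_KEY_EXCHANGE:
                    raise ValueError(f"unexpected ServerKeyExchange for {negotiated}")
                # Vulnerable behaviour: accept the temporary key and use it for RSA key
                # transport even though the negotiated suite is a plain RSA suite.
                temp_bits = m.body.get("rsa_bits")
        kx = SUITES[negotiated]
        if kx in ("ECDHE", "DHE"):
            return kx, None
        return "RSA", temp_bits if temp_bits is not None else cert_bits


class MitM:
    """Network attacker sitting between client and server."""

    def downgrade_client_hello(self, hello):
        # Replace the client's offer with export-grade RSA suites only.
        return Message("ClientHello",
                       {"suites": [s for s, kx in SUITES.items() if kx == "RSA_EXPORT"]})

    def restore_server_hello(self, flight, suite):
        # Rewrite ServerHello so the client believes it negotiated the strong RSA
        # suite it offered; the export ServerKeyExchange passes through untouched.
        return [Message("ServerHello", {"suite": suite}) if m.kind == "ServerHello" else m
                for m in flight]

    def can_recover_premaster(self, kx, rsa_bits):
        # Only RSA key transport under a small enough key is recoverable by factoring.
        return kx == "RSA" and rsa_bits is not None and rsa_bits <= FACTORABLE_BITS


def run_handshake(hardened, attacked=True):
    """Run one handshake and report whether the attacker can read the session."""
    client = Client(["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                     "TLS_RSA_WITH_AES_128_CBC_SHA"], hardened)
    server = Server(list(SUITES))
    mitm = MitM()
    hello = client.hello()
    if attacked:
        flight = server.respond(mitm.downgrade_client_hello(hello))
        strong_rsa = next(s for s in client.offered if SUITES[s] == "RSA")
        flight = mitm.restore_server_hello(flight, strong_rsa)
    else:
        flight = server.respond(hello)
    try:
        kx, bits = client.process(flight)
    except ValueError as err:
        return {"handshake": "aborted", "reason": str(err), "compromised": False}
    return {"handshake": "completed", "kx": kx, "rsa_bits": bits,
            "compromised": mitm.can_recover_premaster(kx, bits)}


if __name__ == "__main__":
    for hardened in (False, True):
        print("hardened" if hardened else "vulnerable", "client:", run_handshake(hardened))
```

The vulnerable client completes the handshake believing it negotiated TLS_RSA_WITH_AES_128_CBC_SHA, but encrypts the premaster secret to the 512-bit temporary key, which is what makes the session readable; the hardened client aborts at the unexpected ServerKeyExchange. In the real attack the attacker still has to recover the factored key in time to forge both Finished messages, which the research behind FREAK showed was practical because many servers reused the same temporary export key across connections.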
Microsoft has provided a workaround for Windows Vista and later systems: disable the RSA key exchange cipher suites (the TLS_RSA_* suites, such as TLS_RSA_WITH_AES_128_CBC_SHA) by editing the SSL Cipher Suite Order setting in the Group Policy Object Editor, under Computer Configuration, Administrative Templates, Network, SSL Configuration Settings. The setting replaces the default list, so any suite left out is disabled; the ECDHE_RSA and DHE_RSA suites should stay, because they use RSA only for signatures, not for key exchange. Once the RSA key exchange suites are gone, the client can only negotiate ECDHE and DHE suites, so connections to servers that offer nothing else will fail.
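To derive the list for that policy from an existing cipher suite order and check it before deploying it, the following added example (not Microsoft's code, nor anything from the advisory) filters out every RSA key-transport suite and flags the problems a practitioner would want caught: leftover RSA or export suites, a list with no (EC)DHE suite at all, and a string too long for the policy. SAMPLE_ORDER is a constructed excerpt of a Windows cipher suite order using real suite names, POLICY_KEY and POLICY_VALUE are the registry location the Group Policy setting writes to, and the 1023-character limit is treated as an assumption.

```python
"""Derive a hardened "SSL Cipher Suite Order" list with RSA key exchange removed.

Added example, not Microsoft's code. SAMPLE_ORDER is a constructed excerpt of a
Windows cipher suite list made of real IANA suite names; POLICY_KEY is the
registry location the Group Policy setting stores its comma-separated list in.
"""

# Where the "SSL Cipher Suite Order" policy stores its list (REG_SZ, comma-separated).
POLICY_KEY = r"HKLM\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\00010002"
POLICY_VALUE = "Functions"
MAX_POLICY_LEN = 1023   # assumption: the policy's string-length limit

SAMPLE_ORDER = ",".join([   # constructed excerpt of a Windows default order
    "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
])


def key_exchange(suite: str) -> str:
    """Key-exchange/authentication part of an IANA suite name ("TLS_<KX>_WITH_...")."""
    head = suite.split("_WITH_", 1)[0]
    return head[len("TLS_"):] if head.startswith("TLS_") else head


def uses_rsa_key_transport(suite: str) -> bool:
    """True for suites where the premaster secret is RSA-encrypted to the server
    (TLS_RSA_*, including TLS_RSA_EXPORT_*). ECDHE_RSA and DHE_RSA use RSA only
    for signatures and are kept."""
    kx = key_exchange(suite)
    return kx == "RSA" or kx.startswith("RSA_")


def is_export_suite(suite: str) -> bool:
    """Export-grade suite, identified by the EXPORT marker in the key-exchange part."""
    return "_EXPORT" in key_exchange(suite)


def harden_order(order: str) -> str:
    """Return the comma-separated list with every RSA key-transport suite removed,
    preserving the original preference order."""
    suites = [s for s in order.split(",") if s]
    return ",".join(s for s in suites if not uses_rsa_key_transport(s))


def check_order(order: str) -> list[str]:
    """Checks to run on a list before writing it to the policy; empty means clean."""
    suites = [s for s in order.split(",") if s]
    problems = []
    for s in suites:
        if is_export_suite(s):
            problems.append(f"export suite present: {s}")
        elif uses_rsa_key_transport(s):
            problems.append(f"RSA key exchange still enabled: {s}")
    if not any(key_exchange(s).startswith(("ECDHE_", "DHE_")) for s in suites):
        problems.append("no (EC)DHE suite left; clients would fail to connect anywhere")
    if len(order) > MAX_POLICY_LEN:
        problems.append(f"list is {len(order)} chars, over the {MAX_POLICY_LEN}-char policy limit")
    return problems


if __name__ == "__main__":
    hardened = harden_order(SAMPLE_ORDER)
    for p in check_order(SAMPLE_ORDER):
        print("before:", p)
    print("after:", check_order(hardened) or "no problems")
    print(f"Set {POLICY_KEY}\\{POLICY_VALUE} to:\n{hardened}")
```

On a machine that already has the policy applied, the current list can be read from POLICY_VALUE under POLICY_KEY (the default order lives under HKLM\SYSTEM\CurrentControlSet\Control\Cryptography\Configuration\Local\SSL\00010002), fed to harden_order, and the result pasted into the Group Policy setting. Note that the policy governs Schannel for both the client and server roles on that machine, so a server hardened this way also stops offering RSA key exchange to its own clients.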