Here's the bad news: Microsoft has admitted the FREAK SSL flaw affects all versions of Windows.
But it's not time to freak out: Microsoft already has a workaround to help secure systems.
FREAK is fully known as the Factoring Attack on RSA-EXPORT Keys. It's the result of US government bans against exporting encryption in the 1990s, with downgraded protections still in use in some systems - which hackers can take advantage of.
Microsoft admitted that the downgrade attack could be used against all supported versions of the Windows OS.
"Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system," Microsoft said in a security advisory post.
"The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems."
However, Microsoft said that at the time of publishing the advisory, it hadn't seen any information showing the flaw was being used to attack its customers.
Microsoft is now investigating how best to protect users against the flaw, saying that may include a security patch arriving as part of its monthly update cycle or out of band, "depending on customer needs".
In the meantime, Microsoft is offering a workaround that disables RSA key exchange ciphers using the Group Policy Object Editor, although that will mean Windows can't connect to systems that don't support Microsoft's list of approved ciphers.
Full details are available here.
