The FREAK flaw is found in a poor implementation of the encrypted links between browsers and websites. A team of security researchers was able to launch attacks from supposedly secure websites, forcing them to use weaker encryption than usual that could be cracked within hours. The Microsoft patch prevents the SSL/TLS vulnerability from being exploited, ensuring encryption remains strong.
The security update bundle released by Microsoft also includes a fix for another old and well-known bug called Stuxnet. While a fix for that worm — which wriggled its way into Iran’s nuclear facility a few years back — was first issued in 2010, clearly it didn’t quite work as intended. Hopefully both work OK this time round. [Microsoft via PC World via Engadget]
Picture: Kārlis Dambrāns/Flickr