New SSL/TLS Attack - FREAK

A new SSL/TLS vulnerability, dubbed "FREAK", was recently discovered. It was originally thought that only OpenSSL was vulnerable; however, Microsoft has just issued an advisory (3046015) describing the affected versions of Windows. The default configuration of Windows 2003 is vulnerable, while Windows 2008 and above are not affected in their default configuration. The Best Practices template in IIS Crypto solves this by removing the affected cipher suites.

Comments (4)

By Paul | July 17, 2015 - 09:52

Jeff,

Thank you very much for your time developing this tool. It was very helpful and I enjoyed reading the FAQ :)

By Brad | July 6, 2016 - 07:26

This is a very valuable tool.  Please let me know how we can support your organization.

By Erendira Bermudez | July 6, 2017 - 06:07

Hello, I have a question.
Do you know if there are changes to the registry when using Nartac IIS Crypto "best practices"?

By Mohamed Sayed | October 27, 2017 - 03:45

This is a very helpful tool.
When I tried to use it on one of my 2008 R2 servers, it crashed with the details below:

Problem signature:
  Problem Event Name:  CLR20r3
  Problem Signature 01:  iiscrypto.exe
  Problem Signature 02:  2.0.11.0
  Problem Signature 03:  578a62a2
  Problem Signature 04:  mscorlib
  Problem Signature 05:  4.0.0.0
  Problem Signature 06:  4ba1da6f
  Problem Signature 07:  3dab
  Problem Signature 08:  105
  Problem Signature 09:  System.IO.DirectoryNotFound
  OS Version:  6.1.7601.2.1.0.274.10
  Locale ID:  1033
  Additional Information 1:  0a9e
  Additional Information 2:  0a9e372d3b4ad19135b953a78882e789
  Additional Information 3:  0a9e
  Additional Information 4:  0a9e372d3b4ad19135b953a78882e789

Read our privacy statement online:
  go.microsoft.com/.../

If the online privacy statement is not available, please read our privacy statement offline:
  C:\Windows\system32\en-US\erofflps.txt
