New SSL/TLS Attack - FREAK

A new SSL/TLS vulnerabilty was recently discovered dubbed "FREAK". Originally it was thought that only OpenSSL was vulnerable, however, Microsoft just issued an advisory (3046015) describing the affected versions of Windows. The default configuration of Windows 2003 is vulnerable, however, Windows 2008 and above are not affected in the default configuration. The Best Practices template in IIS Crypto solves this by removing the affected cipher suites.

Comments (2) -

By Paul | July 17, 2015 - 09:52

Jeff,

Thank you very much for your time developing this tool.  It was very helpful and I enjoyed reading the FAO Smile

By Brad | July 6, 2016 - 07:26

This is a very valuable tool.  Please let me know how we can support your organization.

Add comment