Yesterday Microsoft released several updates to fix security issues in Windows, IE, Office, and Exchange Server. One patch fixed the FREAK vulnerability – but not on Windows 10.
I blogged about patch day issues a couple of hours ago in my German patch day triptych:
- Microsoft-Patchday: Sicherheits-Updates März 2015 – Teil 1
- Microsoft-Patchday: weitere Updates März 2015 – Teil 2
- März 2015 Patchday-Infos: Stuxnet, FREAK, SuperFish & mehr – Teil 3

and summed some things up there. One was the FREAK vulnerability. I've written about FREAK in my recent blog post Microsoft's FREAK workaround causes update error 8024001F. ZDNet.com also has an article about FREAK here.
A fix for the FREAK vulnerability
Microsoft has released KB3046049 (MS15-031) Vulnerability in Schannel Could Allow Security Feature Bypass to fix this issue. I tested it last night using this web site, and I got the following message in IE 11 under Windows 7.
Hey, seems cool, and my MVP colleague Ed Bott writes here at ZDNet.com that the update is available for all Windows versions. But that's not true!
Attention: No fix for FREAK in Windows 10 TP Build 9926
After running the test above, I decided to get some sleep (it was just midnight here in Germany). This morning a German blog reader asked what's going wrong with this patch, because his IE 11 still shows a vulnerability in Windows 10 TP (Build 9926). Here is what I got on my test machine (IE 11 under Windows 10 TP, Build 9926).
Oops, that thing is still vulnerable to FREAK attacks. The explanation is simple: Microsoft doesn't provide a patch for FREAK (unless I overlooked something). Last night 4 patches were issued for Windows 10 TP.
- http://support.microsoft.com/kb/3039066
- http://support.microsoft.com/kb/3044132
- http://support.microsoft.com/kb/3032359
- http://support.microsoft.com/kb/890830
See also Gabe Aul's tweet here. As far as I can see, there is no KB3046049 (MS15-031) patch. I've added a comment to Gabe Aul's tweet to ask for further details, but have had no answer so far.
To summarize: the FREAK vulnerability hasn't been fixed in Windows 10 TP Build 9926 yet, because KB3046049 isn't available for Windows 10 (only for earlier Windows versions).
See my forum post (link below) on TechNet for additional info related to this issue on W10 TP
http://goo.gl/mtlaql
@John: Thx – I've written an updated blog post Windows10: Update KB3046049 for FREAK fix released