This night Microsoft has released Update KB3046049 to fix the FREAK vulnerability (Vulnerability in SChannel) for Windows 10 – just a day after March patch day.
Advertising
I've addressed this issue in my yesterday blog post Microsoft fixes FREAK vulnerability, but not on Windows 10 TP: Microsoft had patched Vulnerability in SChannel for all supported Windows-Versions up to Windows 8.1, but not in Windows 10 TP. I've added a comment to Gabe Aul's tweet to ask for further details, but received no direct answer.
But Gabe Aul answered my question indirect this night with a tweet, addressing (Windows 10 Build) 9926.
The theory, also mentioned by Ed Bott during my yesterday's e-mail exchange, that Microsoft will ship the FREAK fix during the next Windows 10 TP build probably "this week" becomes wrong. It was my hope too, but I guess now, chances receiving a new build this week are fanishing.
Advertising
Anyway, I've booted a VM with Windows 10 TB Build 9926 and got also offered Update KB3046049.
Testing FREAK vulnerability after installing the update on this web site resulted in attackable IE 11.
I have had to reboot Windows 10 manually to get a positive test result on this web site using IE 11.
So, at the end of the day, FREAK (or SChannel) vulnerability in Windows 10 TP is obviously fixed. BTW: The Technet article about KB3046049 doesn't mention Windows 10 TP as a supported OS (I guess, because Windows 10 isn't released yet).
Advertising
