Comments on: Microsoft Advisory says all its operating systems vulnerable to FREAK

By: Buck

Buck — Sat, 14 Mar 2015 07:33:00 +0000

This would not cause the Blue screen would it? its been 9 months since I had one then out of the blue it happened again and I have not added anything since the last time in harware or software

By: Dan

Dan — Wed, 11 Mar 2015 07:58:00 +0000

My earlier comment here is now moot; for the March 10, 2015 Patch Tuesday, MS said it was patching FREAK attack vulnerability in IE; after installing yesterday’s cumulative security update for IE 11 on Windows 7, using IE11 I tried the test link in your article, and IE11 now passes with the “good news!” result of no vulnerability. However, even so, then completely separately testing routine things again at “Browserscope”, the newly patched IE 11 still fails tests for strict transport and content security…so don’t completely give up on Chrome, FF, similar. Also, I apologize for any posts that may appear to be backlinking; that’s not my intent; Disqus these days seems to automatically convert even obfuscated site or posted data into blue links, first after I post; I don’t see any way as a user over at Disqus to avoid the system doing that, and if anyone knows I’d be grateful to know how to keep Disqus from auto-wrapping my text. Cheers!

By: Dan

Dan — Sun, 08 Mar 2015 07:47:00 +0000

For those without group policy editors, I have tried both of the following on Windows 7 Home Premium 64 bit, successfully. At Ghacks a few days ago its forum member Al McCann posted for pro bono to anyone (member or not) an instruction and set of registry edits specifically for non-gpe Windows versions, which allows manual edits and gives non-gpe OS the same cipher key revision as in your feature; I would post the actual items here, but foibles of text wrapping re Disqus make it too disjointed to use; his instructions and edits worked.

Also, at the German language site “Deskmodder.de” for date March 06, 2015, site operator posted a clean and accurate free “freak zip” file, based on McCann’s, which once downloaded imports easily into registry. Again, both of these features got my IE 11 for Windows 7 going from “fail” to “pass”, just like Firefox does without edits.

Of course, I backed up and replaced and tested again to ensure “fail” between tests of the two methods described above. This comment is intended for those who know their way around registry editing; should any other type of user wish to try, do first at least make a backup copy of your registry or make a restore point before attempting. It may indeed generally be better to await an IE patch, as no matter how you get IE protected against FREAK, you get the same losses of some sites’ facilities just like in FF/Chrome; many sites “require” IE just because they have weak SSL/TLS and if you harden IE like FF/Chrome, to some sites it will be as “useless” on some pages as other browsers. Cheers!