https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • Analytics
    • Artificial Intelligence
    • Cloud
    • Data Centers
    • Desktop
    • IoT
    • Mobility
    • Networking
    • Open Source
    • RMM/PSA
    • Security
    • Virtualization
    • Voice/Connectivity
  • Strategy
    • Back
    • Best Practices
    • Business Models
    • Channel 101
    • Channel Programs
    • Channel Research
    • Digital Transformation
    • Diversity & Inclusion
    • Leadership
    • Mergers and Acquisitions
    • Sales & Marketing
    • Specialty Practices
  • MSSP Insider
    • Back
    • Business of Security
    • Cloud and Edge
    • Endpoint
    • Network
    • People and Careers
    • Training and Policies
  • MSP 501
    • Back
    • 2020 MSP 501 Rankings
    • 2020 Hot 101 Rankings
    • 2020 MSP 501 Report
  • Intelligence
    • Back
    • Our Sponsors
    • From the Industry
    • Content Resources
    • COVID-19 Partner Help
    • Galleries
    • Podcasts
    • Reports
    • Videos
    • Webinars
    • White Papers
  • EMEA
  • Awards
    • Back
    • Excellence in Digital Services
    • 2020 MSP 501
    • Top Gun 51
  • Events
    • Back
    • CP Conference & Expo
    • Channel Partners Evolution
    • Channel Evolution Europe
    • Channel Partners Event Coverage
    • Webinars
  • Channel Mentor
    • Back
    • Channel Market Intelligence
    • Channel Educational Series
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Digital Service Providers
  • Cloud Service Providers
  • CHANNEL PARTNERS ONLINE
 Channel Futures

Sales & Marketing


Microsoft Issues New FREAK Fix, Updates Stuxnet Patch

  • Written by DH Kass 1
  • March 13, 2015
Microsoft followed up its March 5 security advisory on the exposure of Windows 7 machines running IE 11 to a FREAK bug attack, issuing a fix for the vulnerability on Patch Tuesday among a collection of 14 bulletins.

Microsoft (MSFT) followed up its March 5 security advisory on the exposure of Windows 7 machines running IE 11 to a FREAK bug attack, issuing a fix for the vulnerability on Patch Tuesday among a collection of 14 bulletins.

The MS15-031 bulletin addressing the FREAK vulnerabilities patches the Schannel security feature bypass vulnerability–the Windows version of SSL/TLS. In a FREAK attack an unsuspecting user operating a compromised machine visits a vulnerable, but supposedly HTTPS-secure website, whose security an attacker has downgraded to a weaker 512-bit cipher.

“This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems,” Microsoft said.

“The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection,” the vendor’s bulletin said. “Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected…The security update addresses the vulnerability by correcting the cipher suite enforcement policies that are used when server keys are exchanged between servers and client systems.”

In addition, the vendor issued an updated Stuxnet patch after it was revealed that the original fix from August, 2010 left open some issues.

Microsoft security bulletin MS15-020 covers how Windows handles loading of DLL files and also how Windows Text Services handles objects in memory.

“The vulnerabilities could allow remote code execution if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted DLL file,” Microsoft said.

“The security update addresses the vulnerabilities by correcting how Microsoft Text Services handles objects in memory and how Microsoft Windows handles the loading of DLL files,” the vendor said.

As Threatpost reported, HP’s Zero Day Initiative worked with Microsoft on the incomplete Stuxnet patch to provide the vendor with details and a proof of concept exploit used to build a new fix.

Tags: Cloud Service Providers Digital Service Providers MSPs VARs/SIs Sales & Marketing

Related


  • Woman Thumbs Up
    HPE, Synnex Channel Execs Look Forward to Former Intel CTO Returning as CEO
    One Intel partner calls Gelsinger an industry veteran and visionary.
  • Managed migration
    D&H Extends Financing Terms to Help Partners Amid COVID-19
    Sales through this program increased approximately 85% in the past year to date, year over year.
  • Hornet
    Hornetsecurity Acquires Altaro for Expanded Security Services
    Hornetsecurity is the leading email security provider in Europe.
  • Akamai Technologies Partners Migrating to New Channel Program
    Akamai partners will migrate to the new program over a six-month transition period.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Alteryx Chooses Palo Alto Networks Vet to Lead Go-to-Market Plan
  • MSP 501 Profile: Monroy IT Services with a Minority's Perspective on the Channel
  • Top Gun 51 Profile: Alyssa Fitzpatrick on Expanding Co-Sell Through Microsoft Partner Center Rollout
  • MSP 501 Profile: DCG Technical Solutions on the Managed Services Pivot

Galleries

View all

New, Changing Partner Programs: AWS, Tech Data, Avaya, Verizon

January 11, 2021

Industry Perspectives

View all

The Importance of Being Security-Centric

January 22, 2021

Cyberattacks: Threat Hunters Conquer Unpredictability with 3 Measures

January 21, 2021

The Right Data Migration Tool Helps Schools Move to Cloud During COVID Crisis

January 19, 2021

Webinars

View all

Who’s Behind the Mask? Hacker Personas Explained

January 26, 2021

Your Network Perimeter Has Changed

February 18, 2021

How Managed Hosting Providers Thrive with the Alternative Cloud

February 24, 2021

White Papers

View all

Why Subscription Business Model

January 15, 2021

The Ultimate MSP Guide to Sales Efficiency

January 14, 2021

Eight Reasons Why MSPs Need IT Industry-Specific Sales Tools

January 14, 2021

Upcoming Events

View all

Channel Partners Virtual

March 2, 2021 - March 4, 2021

Channel Partners Conference & Expo

November 1, 2021 - November 4, 2021

Videos and Fastchats

View all

FASTCHAT: How SOAR Eliminates Security Challenges and Elevates Service Provider Revenues

January 6, 2021

Happy Holidays from Channel Partners & Channel Futures!

December 21, 2020

FASTCHAT: How Old, Unpatched Technologies Are Creating New Security Threats for MSPs and Their Customers

December 3, 2020

Twitter

ChannelFutures

.@exabeam, @VulcanCyber, @ntti3, @Vectra_AI, @Lookout and @valtixinc give high marks to @POTUS' federal… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Judge sides with @AWScloud against #Parler; @SADAsystems gets AI-centric board member; @EnsonoIT, @navisite get… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

2021 may be the year of the #security-centric #MSP @BarracudaMSP #remoteworking #ITsecurity #dataprotection #RMM… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Adding #AIOps and #AI-driven WANs will help IT administrators move forward, says @MistSystems.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

Microsoft taps @tybryson as corporate VP @msuspartner group @julwhite heading to SAP, @anderson to @Qualtrics.… twitter.com/i/web/status/1…

January 22, 2021
ChannelFutures

#MSPs can inject predictability into #threathunting @Sophos #cybersecurity #ransomware dlvr.it/Rr4ffV https://t.co/Bztc2Yxwvc

January 22, 2021
ChannelFutures

.@RiskBased report shows decrease in #databreaches, jump in exposed records in 2020. dlvr.it/Rr4fcW https://t.co/PYiDMiJFbt

January 22, 2021
ChannelFutures

Legal experts say @VMware's #lawsuit against @nutanix's new CEO holds little weight. dlvr.it/Rr48FJ https://t.co/oLxPhgvgAt

January 21, 2021

MSSP Insider

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Channel Partners Online

Want more? Find more channel news and analysis on our sister site, Channel Partners.

Media Kit And Advertising

Want to reach our audience? Access our media kit

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Online
  • Channel Partners Events
  • MSP 501
  • MSSP Insider
  • IoT World Today
  • Webhostingtalk

WORKING WITH US

  • Contact
  • About us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2021 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X