Bulletin ID:
Severity:
Description:
This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an exploitable cipher suite is affected.
Revision Note: V1.1 (March 24, 2015): Revised bulletin to add an FAQ directing customers to Microsoft Knowledge Base Article 3050509 for instructions on how to disable EXPORT ciphers after installing the update on Windows Server 2003 systems.