On March 3rd, 2015, security researchers announced a flaw known as FREAK (CVE-2015-0204) which affects the SSL/TLS encryption used to secure websites. The vulnerability could potentially allow an attacker to compromise secure traffic in order to intercept or manipulate sensitive data.

This affects you!

Microsoft Windows servers, including those running SharePoint or TMG, are vulnerable to this flaw (Microsoft Security Advisory 3046015). The issue is not specific to Microsoft and affects servers and software clients on all platforms.

What should you do?

Apply the latest Windows Updates to any Microsoft Windows servers that create SSL connections (e.g. TMG, IIS, SharePoint servers).

The March 2015 Patch Tuesday update, released on March 10th, includes a fix for the FREAK vulnerability, as described in Microsoft Security Bulletin MS15-031.

If you would like help securing your SharePoint environment against this vulnerability, get in touch. You can test your sites using the Qualys SSL Labs site (ssllabs.com/ssltest).

Is this as bad as Heartbleed and Shellshock?

Neither of those bugs affects SharePoint or Microsoft servers, and FREAK is a much less severe problem. Heartbleed and Shellshock were remotely exploitable by anyone, anywhere. FREAK requires live access to a user's internet connection.

Such so-called man-in-the-middle attacks can be carried out in places such as a coffee shop or when using shared Wi-Fi. Although the vulnerability has existed for more than a decade, researchers have no indication that any attackers have exploited the weakness to date.