The FREAK flaw itself resides in the SSL protocol, so Microsoft has fixed with this patch (MS15-031) its own implementation of the protocol, which is used in all its proprietary software (workstation, server, IE Office).
The release contains fixes for 14 new bulletins in total, five of which are rated as Critical, nine as Important.
The bulletins address vulnerabilities residing in both the consumer and server editions of Microsoft Windows, Internet Explorer, Office, SharePoint Server, and Exchange Server. Most of them may disclose information, bypass security features or would allow an attacker to elevate privileges.
What should you do?
Once your Windows computer signals the availability of the updates don’t wait too long to apply it and reboot your system.
The post Microsoft patches FREAK for Windows, IE, Office appeared first on Avira Blog.