Microsoft has released a giant Patch Tuesday update addressing the recently uncovered Freak flaw, alongside five critical fixes for Windows, Internet Explorer and Office.
The Freak update was given an 'important' ranking despite being the most high-profile bug fixed in the March 2015 Patch Tuesday update.
'Freak' is a cross-platform flaw in the SSL/TLS protocols that could be exploited to intercept and decrypt HTTPS connections between vulnerable clients and servers.
"This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed Freak technique, an industry-wide issue that is not specific to Windows operating systems," explained Microsoft in its advisory.
"The vulnerability could allow a man-in-the-middle attacker to force the downgrading of the key length of an RSA key to Export-grade length in a TLS connection.
"Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected."
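To make the downgrade Microsoft describes concrete, here is a small added example (not Microsoft's or V3's code) that parses a TLS ServerHello record and flags a negotiated RSA export-grade cipher suite, which is what a passive network monitor would look for after a FREAK-style downgrade. The cipher suite values are from the IANA TLS registry; the ServerHello bytes are constructed for the demonstration, not captured traffic.

```python
import struct
from typing import Optional

# RSA export-grade cipher suites (IANA TLS Cipher Suite Registry values).
# A FREAK-style man-in-the-middle forces a vulnerable pair onto one of these.
RSA_EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
    0x0062: "TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA",
    0x0064: "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA",
}

def parse_server_hello(record: bytes) -> dict:
    """Parse one TLS record carrying a ServerHello; return version and suite."""
    if len(record) < 5 or record[0] != 0x16:          # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) != rec_len:
        raise ValueError("truncated record")
    if body[0] != 0x02:                                 # 0x02 = ServerHello
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < 2 + 32 + 1:                         # version + random + sid_len
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[0:2])[0]
    sid_len = hello[34]
    off = 35 + sid_len                                  # cipher suite follows session id
    if len(hello) < off + 3:                            # suite (2) + compression (1)
        raise ValueError("truncated ServerHello")
    suite = struct.unpack("!H", hello[off:off + 2])[0]
    return {"version": version, "cipher_suite": suite}

def flag_export_downgrade(record: bytes) -> Optional[str]:
    """Return an alert string if the server chose an RSA export suite, else None."""
    info = parse_server_hello(record)
    name = RSA_EXPORT_SUITES.get(info["cipher_suite"])
    if name is None:
        return None
    return (f"ALERT export-grade RSA suite negotiated: {name} "
            f"(0x{info['cipher_suite']:04x}), TLS version 0x{info['version']:04x}")

def build_server_hello(suite: int) -> bytes:
    """Construct a minimal TLS 1.2 ServerHello record (sample data for testing)."""
    hello = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    hs = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs
```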
The five 'critical' updates fix flaws in Internet Explorer, Windows, Windows VBScript Scripting Engine, Windows Adobe Font Driver and Microsoft Server in Office.
The Internet Explorer fixes are the latest in a long line of critical updates to Microsoft's browser, which received over 200 fixes in 2014. Microsoft warned that they could be exploited by hackers for a variety of purposes.
"This security update resolves vulnerabilities in Internet Explorer. The most severe could allow remote code execution if a user views a specially crafted web page using Internet Explorer," read the advisory.
"An attacker who successfully exploited these vulnerabilities could gain the same user rights as the current user."
The VBScript Scripting Engine flaw could allow remote code execution if a user visits a specially crafted website, and would grant the hacker the same rights as the system's current user.
The Windows flaw could lead to remote code execution "if an attacker successfully convinces a user to browse to a specially crafted website, open a specially crafted file, or browse to a working directory that contains a specially crafted DLL file".
The Adobe Font Driver fix addresses several bugs, one of which could allow remote code execution if a user views a specially crafted file or website, and could let an attacker take complete control of the victim system.
The final Microsoft Server update resolves several flaws, the most severe of which could allow remote code execution if a user opens a specially crafted Microsoft Office file.
The remaining 'important' updates plug flaws in Remote Desktop Protocol, Windows Photo Decoder Component, Windows Task Scheduler, Windows NETLOGON, Microsoft Exchange Server, PNG Processing and Windows Kernel.
The bugs could be used for a variety of purposes, including denial of service, information disclosure, security feature bypass and elevation of privileges.
The March Patch Tuesday update is listed by many in the security community as the biggest this year. Karl Sigler, threat intelligence manager at Trustwave, said the influx of serious fixes means that IT managers should install the patches sooner rather than later.
"March comes in like a lion this Microsoft Patch Tuesday with 14 bulletins, including four rated 'critical' and 10 rated 'important'. All told, this release covers 45 individual vulnerabilities," he said.
"Continuing an almost non-stop flow of patches, Internet Explorer accounts for 15 of those vulnerabilities. Like months past, the majority of them are memory corruption bugs, the worst of which could result in remote code execution."
Freak is one of many high-profile encryption flaws uncovered in recent years.
Researchers announced plans on Wednesday to launch an independent audit of OpenSSL security following the discovery of the Heartbleed bug.
This was part of a wider push by the Linux Foundation to improve open source projects' cyber defences.