Application Security
3/6/2015
03:05 PM

Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too

Researchers had originally thought only Safari and Android affected by flaw.

The number of users at risk from the recently discovered Factoring attack on RSA-Export Keys (FREAK) flaw has increased substantially with Microsoft’s confirmation Thursday that all supported releases of Windows are vulnerable to attacks that exploit the issue. 

However, security researchers remain optimistic that the actual chances of the flaw being exploited widely remain relatively low, simply because of the effort required to pull off the attack.

In a security alert, Microsoft said it was aware of a “security feature bypass” vulnerability in the Secure Channel security package that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS) in Windows.

The vulnerability could allow an attacker to force the downgrade of encryption protocols used in an SSL/TLS connection between a Windows client system and a server, Microsoft said.

“The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems,” the company noted.

Microsoft will provide a fix through its monthly release process or provide an out-of-cycle security update, the company said.

Enterprises should pay attention to the news, because a vast majority of them run Windows systems, says Sekhar Sarukkai, co-founder and vice president of engineering at Skyhigh Networks.  “It is important because it can have an impact on the insider threat issue,” Sarukkai said.

A Windows user with malicious intent can potentially take advantage of the flaw to force a downgrade of the encryption protocols and gain illegal access to systems and data, he said.

Sarukkai said that Skyhigh has discovered that at least 695 cloud service providers are also vulnerable to the issue, including leading backup, HR, security, CRM and ERP service providers.

Simon Crosby, CTO of Bromium, said news about Microsoft Windows also being vulnerable means FREAK is more serious than initially thought. “More broadly, the bug brings up some pretty serious questions about how the security protocols of yesteryear may affect us today and in the future,” he said in an emailed statement. “The older your infrastructure, the more likely latent vulnerabilities will surface, as they have in this case.” The message for CIOs is to upgrade and patch where they can, he said.

When Microsoft and researchers at INRIA and IMDEA first reported the FREAK vulnerability earlier this week, they described the flaw as only affecting Apple’s Safari TLS/SSL clients and Google’s Android OpenSSL clients.

The vulnerability basically gives attackers a way to weaken and break the encryption that is used to protect communications between a client browser and a web server. It takes advantage of the fact that millions of websites that issue browser-trusted SSL certs based on current crypto standards also support an archaic 512-bit export-grade RSA key exchange in SSL/TLS that many assumed had become extinct years ago.

The support is a hangover from the 1990s when a U.S. government ban on the export of strong encryption tools resulted in technology firms shipping 512-bit encryption products overseas instead. 

As cryptographer Matthew Green explains, this resulted in U.S. servers needing to support both weak and strong encryption protocols. To cope with this, SSL designers developed a sort of negotiating mechanism to identify the best protocol to use for clients supporting strong encryption and for those with the weaker 512-bit crypto.

Over the years the ban on encryption was lifted, but millions of servers around the world still support both strong and weak crypto, contrary to what security researchers had assumed.

Modern TLS clients from Apple, Google, and, with Wednesday’s announcement, Microsoft, have a bug that allows attackers to take advantage of this fact, and essentially trick a web server into using the weaker 512-bit encryption during a session.
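The negotiation described above, and the client bug that lets an in-path attacker abuse it, can be modelled with a small toy handshake. The following is an added illustration, not code from the article or from any TLS implementation: the cipher-suite names are placeholders modelled on the real RSA and RSA_EXPORT suite families, the key sizes (2048-bit certificate key, 512-bit export key) are assumed, and the message flow is reduced to the parts that matter. It shows the pre-fix client silently using a 512-bit ephemeral key for a suite it never asked for, the fixed client rejecting the out-of-place ServerKeyExchange, and a server with export suites disabled refusing the downgraded offer outright.

```python
"""Toy model of the FREAK downgrade: TLS-style cipher-suite negotiation, an
in-path attacker rewriting both Hello messages, a client with the original
bug, a client with the fix, and a server with export suites disabled.
Constructed illustration only; names and sizes are placeholders, not real TLS."""

from dataclasses import dataclass
from typing import Callable, Optional

# Suite names follow the real RSA / RSA_EXPORT naming but are illustrative.
STRONG_SUITES = ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"]
EXPORT_SUITES = ["TLS_RSA_EXPORT_WITH_RC4_40_MD5", "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA"]
CERT_KEY_BITS = 2048    # assumed size of the server's certificate key
EXPORT_KEY_BITS = 512   # ephemeral RSA key carried in ServerKeyExchange for export suites


@dataclass
class ServerFlight:
    """ServerHello plus, for export suites only, a ServerKeyExchange."""
    suite: str
    ephemeral_rsa_bits: Optional[int]


def server_respond(offered: list[str], server_suites: list[str]) -> Optional[ServerFlight]:
    """Server picks the first offered suite it supports. Export suites come with
    a 512-bit ephemeral key; strong suites use the certificate key (no SKE)."""
    for suite in offered:
        if suite in server_suites:
            bits = EXPORT_KEY_BITS if "EXPORT" in suite else None
            return ServerFlight(suite, bits)
    return None  # handshake_failure alert


def attacker_rewrite_client_hello(offered: list[str]) -> list[str]:
    """In-path attacker replaces the client's offer with export suites only."""
    return list(EXPORT_SUITES)


def attacker_rewrite_server_hello(flight: ServerFlight, original_offer: list[str]) -> ServerFlight:
    """...and rewrites the ServerHello back to a suite the client did offer,
    leaving the 512-bit ServerKeyExchange in place."""
    return ServerFlight(original_offer[0], flight.ephemeral_rsa_bits)


def buggy_client(offered: list[str], flight: ServerFlight) -> str:
    """Pre-fix client: checks that the chosen suite was offered, but processes
    any RSA ServerKeyExchange it receives, so the 512-bit key is used silently."""
    if flight.suite not in offered:
        return "alert:illegal_parameter"
    bits = flight.ephemeral_rsa_bits or CERT_KEY_BITS
    return f"established:{flight.suite}:{bits}"


def fixed_client(offered: list[str], flight: ServerFlight) -> str:
    """Fixed client: an RSA ServerKeyExchange is only legal for an export suite,
    and none was offered, so the message is rejected; a short key is refused too."""
    if flight.suite not in offered:
        return "alert:illegal_parameter"
    if flight.ephemeral_rsa_bits is not None and "EXPORT" not in flight.suite:
        return "alert:unexpected_message"
    if flight.ephemeral_rsa_bits is not None and flight.ephemeral_rsa_bits < 1024:
        return "alert:insufficient_security"
    bits = flight.ephemeral_rsa_bits or CERT_KEY_BITS
    return f"established:{flight.suite}:{bits}"


def run_handshake(client: Callable[[list[str], ServerFlight], str],
                  server_suites: list[str], attacker: bool) -> str:
    """Drive one handshake; the client always offers only strong suites."""
    offer = list(STRONG_SUITES)
    hello = attacker_rewrite_client_hello(offer) if attacker else offer
    flight = server_respond(hello, server_suites)
    if flight is None:
        return "alert:handshake_failure"
    if attacker:
        flight = attacker_rewrite_server_hello(flight, offer)
    return client(offer, flight)


LEGACY_SERVER = STRONG_SUITES + EXPORT_SUITES   # still carries the 1990s export suites
HARDENED_SERVER = list(STRONG_SUITES)           # export suites disabled

if __name__ == "__main__":
    print(run_handshake(buggy_client, LEGACY_SERVER, attacker=False))   # established:TLS_RSA_WITH_AES_128_CBC_SHA:2048
    print(run_handshake(buggy_client, LEGACY_SERVER, attacker=True))    # established:TLS_RSA_WITH_AES_128_CBC_SHA:512
    print(run_handshake(fixed_client, LEGACY_SERVER, attacker=True))    # alert:unexpected_message
    print(run_handshake(buggy_client, HARDENED_SERVER, attacker=True))  # alert:handshake_failure
```

The second and fourth cases are the two ends of the mitigation story in the article: with the client bug and a legacy server the session quietly lands on a 512-bit key, while a server that simply no longer offers export suites protects even unpatched clients, which is why disabling those suites server-side is the cheapest fix.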

According to the security researchers who discovered the flaw, an attacker would need just over seven hours to crack the session key and essentially intercept traffic in clear text as it flows between the browser and server and steal data or launch attacks against the web server.

Nearly one-quarter of all SSL-encrypted websites are believed vulnerable to the flaw.

Pulling off an attack though is not easy, because it would require an attacker to first identify a vulnerable client and web server and then launch a man-in-the-middle attack to intercept and manipulate the session between the browser and server.

“This is still a highly targeted attack however, since the attacker must target specific sites with support for export encryption and then spend the effort to crack their 512-bit RSA ephemeral key,” says Craig Young, senior security researcher at Tripwire. The attack is only possible if server administrators have left the weaker "export" ciphers enabled, he said in emailed comments.

“Windows users should not be particularly concerned about this attack, but it would be wise to disable the RSA key exchange ciphers as Microsoft recommends particularly on systems which are used on public wireless networks.” 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

Comments
MarcT326
User Rank: Apprentice
3/9/2015 | 4:10:38 PM
Why did it take so long to recognize?
I'm a little puzzled...  When I first read about FREAK last week, I immediately visited the freakattack.com test site to see whether my device was vulnerable (of course, it was.)  The very next thing I did was to visit the same site from my Windows laptop, using Chrome, Firefox and IE - and in each case it reported that I was vulnerable. 

It doesn't require a code review to predict the vulnerability; it merely requires a test, and since someone else already did the work to build that test... why did it take Microsoft this long to figure this out?  Or was it merely that it took this long for the bureaucratic wheels to grind out a press release? 
Obviously this is just a matter of days, against the backdrop of this being a decade-old vulnerability... but once the announcement is out there, seconds count - and it seems that Microsoft was asleep at the switch.