Application Security

3/6/2015
03:05 PM

Scope Of FREAK Flaw Widens As Microsoft Says Windows Affected Too

Researchers had originally thought only Safari and Android affected by flaw.

The number of users at risk from the recently discovered Factoring attack on RSA-Export Keys (FREAK) flaw has increased substantially with Microsoft’s confirmation Thursday that all supported releases of Windows are vulnerable to attacks that exploit the issue. 

However, security researchers remain optimistic that the actual chances of the flaw being exploited widely remain relatively low, simply because of the effort required to pull off the attack.

In a security alert, Microsoft said it was aware of a “security feature bypass” vulnerability in the Secure Channel security package that implements Secure Sockets Layer (SSL) and Transport Layer Security (TLS) in Windows.

The vulnerability could allow an attacker to force the downgrade of encryption protocols used in an SSL/TLS connection between a Windows client system and a server, Microsoft said.

“The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems,” the company noted.

Microsoft will provide a fix through its monthly release process or provide an out-of-cycle security update, the company said.

Enterprises should pay attention to the news, because a vast majority of them run Windows systems, says Sekhar Sarukkai, co-founder and vice president of engineering at Skyhigh Networks. “It is important because it can have an impact on the insider threat issue,” Sarukkai said.

A Windows user with malicious intent can potentially take advantage of the flaw to force a downgrade of the encryption protocols and gain illegal access to systems and data, he said.

Sarukkai said that Skyhigh has discovered that at least 695 cloud service providers are also vulnerable to the issue, including leading backup, HR, security, CRM and ERP service providers.

Simon Crosby, CTO of Bromium, said news about Microsoft Windows also being vulnerable means FREAK is more serious than initially thought. “More broadly, the bug brings up some pretty serious questions about how the security protocols of yesteryear may affect us today and in the future,” he said in an emailed statement. “The older your infrastructure, the more likely latent vulnerabilities will surface, as they have in this case.” The message for CIOs is to upgrade and patch where they can, he said.

When Microsoft and researchers at INRIA and IMDEA first reported the FREAK vulnerability earlier this week, they described the flaw as only affecting Apple’s Safari TLS/SSL clients and Google’s Android OpenSSL clients.

The vulnerability basically gives attackers a way to weaken and break the encryption that is used to protect communications between a client browser and a web server. It takes advantage of the fact that millions of websites that issue browser-trusted SSL certs based on current crypto standards also support archaic export-grade SSL/TLS cipher suites that use 512-bit RSA keys, which many assumed had become extinct years ago.

The support is a hangover from the 1990s when a U.S. government ban on the export of strong encryption tools resulted in technology firms shipping 512-bit encryption products overseas instead. 

As cryptographer Matthew Green explains, this resulted in U.S. servers needing to support both weak and strong encryption protocols. To cope with this, SSL designers developed a negotiation mechanism in which the client and server settle on the cipher suite to use, so that clients supporting strong encryption and those limited to the weaker 512-bit crypto could each be served.

Over the years the export ban was lifted, but millions of servers around the world still support both strong and weak crypto, contrary to what security researchers had assumed.

Modern TLS clients from Apple, Google, and, with Wednesday’s announcement, Microsoft, have a bug that allows attackers to take advantage of this fact, and essentially trick a web server into using the weaker 512-bit encryption during a session.
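The client-side bug described above, modelled in Python as an added example that is not code from the article or from any of the vendors or researchers named in it. The cipher-suite ids are the real IANA values; the hello messages, the list of offered suites and the 2048-bit policy floor are constructed assumptions:

```python
# Added example (not from the article, Microsoft, INRIA or IMDEA): a model of
# the FREAK negotiation bug beside the client and server checks that close it.
# Cipher-suite values are the IANA-registered TLS ids; the hello messages are
# constructed here as plain dicts, not parsed from real TLS records.

# RSA_EXPORT suites oblige the server to send a temporary RSA key of at most 512 bits.
TLS_RSA_EXPORT_WITH_RC4_40_MD5 = 0x0003
TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 = 0x0006
TLS_RSA_EXPORT_WITH_DES40_CBC_SHA = 0x0008
TLS_RSA_WITH_AES_128_CBC_SHA = 0x002F
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 = 0xC02F

EXPORT_SUITES = {
    TLS_RSA_EXPORT_WITH_RC4_40_MD5,
    TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5,
    TLS_RSA_EXPORT_WITH_DES40_CBC_SHA,
}
# Every suite the client's TLS library has code for, export ones included.
IMPLEMENTED_SUITES = EXPORT_SUITES | {TLS_RSA_WITH_AES_128_CBC_SHA,
                                      TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256}
MIN_RSA_BITS = 2048  # assumed policy floor for any RSA key used in a handshake

# Constructed samples: what the client offered, the server's honest answer, and
# the answer the client sees after the man-in-the-middle rewrite the article describes.
OFFERED = [TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
HONEST_HELLO = {"cipher_suite": TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, "rsa_key_bits": 2048}
DOWNGRADED_HELLO = {"cipher_suite": TLS_RSA_EXPORT_WITH_RC4_40_MD5, "rsa_key_bits": 512}


def vulnerable_client_accepts(offered, server_hello):
    """Pre-patch behaviour: any suite the library implements is accepted, even
    one the client never offered, so the 512-bit export key ends up in use."""
    return server_hello["cipher_suite"] in IMPLEMENTED_SUITES


def hardened_client_accepts(offered, server_hello):
    """The fix: the chosen suite must be one the client offered, export suites are
    refused outright, and an RSA key below the policy floor aborts the handshake."""
    suite = server_hello["cipher_suite"]
    if suite not in offered or suite in EXPORT_SUITES:
        return False
    return server_hello["rsa_key_bits"] >= MIN_RSA_BITS


def audit_server_suites(enabled):
    """Server-side check: list any export suite an administrator left enabled,
    the precondition the article says makes a server exploitable."""
    return sorted(s for s in enabled if s in EXPORT_SUITES)


if __name__ == "__main__":
    print("vulnerable client accepts downgrade:", vulnerable_client_accepts(OFFERED, DOWNGRADED_HELLO))
    print("hardened client accepts downgrade:", hardened_client_accepts(OFFERED, DOWNGRADED_HELLO))
    print("export suites still enabled:", [hex(s) for s in audit_server_suites(IMPLEMENTED_SUITES)])
```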

According to the security researchers who discovered the flaw, an attacker would need just over seven hours to crack the session key and essentially intercept traffic in clear text as it flows between the browser and server and steal data or launch attacks against the web server.

Nearly one-quarter of all SSL-encrypted websites are believed vulnerable to the flaw.

Pulling off an attack though is not easy, because it would require an attacker to first identify a vulnerable client and web server and then launch a man-in-the-middle attack to intercept and manipulate the session between the browser and server.

“This is still a highly targeted attack however, since the attacker must target specific sites with support for export encryption and then spend the effort to crack their 512-bit RSA ephemeral key,” says Craig Young, senior security researcher at Tripwire. The attack is only possible if server administrators have left the weaker "export" ciphers enabled, he said in emailed comments.

“Windows users should not be particularly concerned about this attack, but it would be wise to disable the RSA key exchange ciphers as Microsoft recommends particularly on systems which are used on public wireless networks.” 

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year ...

MarcT326,
User Rank: Apprentice
3/9/2015 | 4:10:38 PM
Why did it take so long to recognize?
I'm a little puzzled... When I first read about FREAK last week, I immediately visited the freakattack.com test site to see whether my device was vulnerable (of course, it was.) The very next thing I did was to visit the same site from my Windows laptop, using Chrome, Firefox and IE - and in each case it reported that I was vulnerable.

It doesn't require a code review to predict the vulnerability; it merely requires a test, and since someone else already did the work to build that test... why did it take Microsoft this long to figure this out? Or was it merely that it took this long for the bureaucratic wheels to grind out a press release?

Obviously this is just a matter of days, against the backdrop of this being a decade-old vulnerability... but once the announcement is out there, seconds count - and it seems that Microsoft was asleep at the switch.