Microsoft has revoked more than two dozen digital certificates used to prove its wares are genuine after discovering some of them could be subject to the same types of attacks orchestrated by the designers of the Flame espionage malware.
Tuesday's revocation of 28 certificates is part of a much larger overhaul of Microsoft's cryptographic key management regimen that's designed to make it more resistant to abuse. The housecleaning follows last month's discovery that some of the company's trusted digital signatures were being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries. By forging the cryptographic imprimatur used to certify the legitimacy of Windows updates, Flame was able to spread from one computer to another inside an infected network.
Like the intermediate certificate authorities that Flame abused to hijack the Windows Update mechanism, at least some of the certificates Microsoft moved into its Untrusted Certificate Store on Tuesday contained code-signing permissions. An advisory characterized the purge as a "pre-emptive cleanup" and said there's no evidence any of the certificates have been abused or compromised.
Flame, which the US and Israeli government reportedly deployed to disrupt Iran's nuclear program, exploited the Microsoft certificates using world-class cryptographic exploits. The overhaul is a crucial step in repairing the vulnerability caused by Microsoft's previous key management system. By chaining several low-privilege certificates to the company's sensitive root authority, engineers inadvertently designed a system that made it possible for attackers to hijack the mechanism Microsoft uses to deliver updates to millions of computers. The company also relied on MD5, a cryptographic algorithm that has long been known to be susceptible to exploits that can subvert a certificate's security. Microsoft's continued focus on locking down its way keys are managed is to be commended, but the work may not be over yet.
"This problem is harder than they may realize," Nate Lawson, a cryptography expert and the principal of security consultancy Root Labs, told Ars. "They've had many certs around since 1996 or so that chain back to their root."
Indeed, one of the certificates revoked on Tuesday carried the name Microsoft IPTVe CA, suggesting it was related to the Microsoft TV IPTV Edition, which was being aggressively marketed in 2007.
Rather than each certificate ultimately leading to the root, Lawson said a better approach might be to split off a new root for Windows, Phone, Xbox, and other major products. Then, in the event of a breach, old private keys can only affect old products and each product line is isolated so that a compromise of one key doesn't bleed into the others.
"My design philosophy is that there shouldn't be One Root to Rule Them All, though others may disagree," he explained in an e-mail. "Even a company the size of Microsoft could get by with < 20 separate "root" certs, split by product category, internal/external, etc."
Tuesday's certificate management overhaul also includes a change that provides an automated process that more quickly revokes compromised certificates for people using computers running Windows Vista and more recent releases of the Microsoft operating system. The feature was released last month, but it's now available as a "critical non-security update" though Windows.
Microsoft officials also notified users of a change starting next month in which short RSA keys will be blocked. "Once we release this update in August, we will treat all of these certificates less than 1024 bits as invalid, even if they are currently valid and signed by a trusted certificate authority," Microsoft's advisory stated. "We're reminding you now to allow everyone time to make necessary adjustments." In general the more bits contained in a key the harder it is crack using a brute-force attack.
The key-management changes came amid Patch Tuesday, a monthly release of security updates for various Microsoft products. In all, the company released nine security bulletins addressing at least 16 vulnerabilities. Three of the updates—in Internet Explorer, Microsoft XML core services, and Microsoft Data Access Components—have a severity rating of Critical. The remaining six are rated as Important.
Story updated to include details about 1024-bit keys.
Listing image by Mike
reader comments
15