New Software Update to Windows Restricts Use of Certificates with RSA Keys Less Than 1024 bits in Length
On Tuesday, Microsoft announced the availability of an update to Windows that restricts the use of any certificates with RSA keys less than 1024 bits in length.
The update hasn't received much attention, as it may have been clouded by the focus on a slew of updates as part of the company's Patch Tuesday updates released the same day. Nevertheless, this is an update IT security teams should pay attention to, and consider deploying sooner rather than later.
The reason, Microsoft explains, is that weak certificates with keys less than 1024 bits in length can be derived with few resources in a rather short amount of time and could allow an attacker to duplicate the certificates and use them fraudulently to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. (For the technically curious, you can read about MD5 collision attacks here and here).
The update can be downloaded through the Microsoft Download Center as well as the Microsoft Update Catalog, and is available for all currently supported releases of the Windows operating system.
Additionally, in the advisory, Microsoft said it would release the update through Microsoft Update in October, 2012 “after customers have a chance to assess the impact of this update and take necessary actions to use certificates with RSA keys greater than or equal to 1024 bits in length in their enterprise.”
To that note, Microsoft suggests that customers download the update and assess the impact of blocking certificates with RSA keys less than 1024 bits in length before applying the update across their enterprise. The reason is that there are several known issues associated with the update that could disrupt operations.
First, like many software updates, a system restart is required after applying the update, so something to keep in mind when updating systems for which even minimal downtime could disrupt operations. Other issues include possible problems with Outlook being able encrypt email using weaker certificates, as well as Internet Explorer not being allowed to access websites secured using an RSA certificate with key length of less than 1024 bits. There are several other issues mentioned that can be seen in the “Known Issues” section here.
The issues of weaknesses in certificates was highlighted during the investigation of the Flame attacks, when it was discovered that components of the complex malware were signed with a certificate that chained up to the Microsoft Enforced Licensing Intermediate PCA certificate authority, and ultimately, to the Microsoft Root Authority. Those certificates were subsequently used in combination with a man-in-the-middle attack to hijack the Windows Update mechanism and propagate the malware on a local network.
In June, Microsoft revoked trust in the certificate authorities at the center of the Flame attacks and updated the Windows Update mechanism to only trust files signed by the new certificate that is used exclusively to protect updates to the Windows Update client.
“Certificate-based attacks are a huge issue that enterprises have to take seriously. One weak certificate can result in a breach that compromises valuable intellectual, competitive and customer information, not to mention reputation and brand damage that can be inflicted,” Jeff Hudson, CEO of Venafi explained. “Just like Microsoft, if your organization has weak certificates deployed, then it is vulnerable to Flame-style attacks. The only way to reduce risk in this situation is to identify, revoke and replace any vulnerable certificates—it really is that simple.”
Interestingly, and somewhat comical, the attackers who compromised Microsoft as part of the Flame attack were honored with a Pwnie award for “Epic Ownage” this year. The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community.
“0wnage, measured in owws, can be delivered in mass quantities to a single organization or distributed across the wider Internet population,” those judging the Pwnie awards explain. “The Epic 0wnage award goes to the hackers responsible for delivering the most damaging, widely publicized, or hilarious 0wnage. This award can also be awarded to the researcher responsible for disclosing the vulnerability or exploit that resulted in delivering the most owws across the Internet.”
“Any attack that requires a breakthrough in cryptography to pull off is pretty cool in our book,” the Pwnie judges said, commenting on the Microsoft certificate compromise. “And being able to pwn any Windows machine through Windows Update is pretty mass 0wnage.”
“I can’t say that this year’s Epic 0wnage award was a surprise,” Said Venafi’s Hudson. “Taking control of the Microsoft Windows update system is about as epic a security failure as it gets.”
But Pwnie Awards and humor aside, Hudson and Microsoft both realize the situation is serious.
“There is certainly a more serious side to all of this, and it's one the entertainment factor should not over shadow,” Hudson said. “The award and Microsoft’s admission of the problem highlights serious vulnerabilities in all organizations. With weak digital certificates and insufficient key management controls it's not a matter of if but when you'll be compromised.”
So given the status of vulnerable certificates, Microsoft’s move to force the use of certificates with RSA keys with at least 1024 bits in length is being viewed as a good move.
“In taking this step, Microsoft has highlighted to the world that certificates signed with weak encryption keys are basically open doors that cybercriminals can slip through, Hudson told SecurityWeek.
“What incidents such as Flame have shown us is that once inside, there are no limits to the levels of control and nefarious activity they can achieve—within systems and applications filled with sensitive and valuable data,” he added. “The world needs to follow Microsoft’s lead and take immediate action to find, revoke and replace all digital certificates signed with key lengths of less than 1024 bits.”
“Any organization with this key length in use is an open target just waiting for a data breach to occur,” Hudson concluded.
Taking Action on Weak Certificates
So what can you do to hunt down the said RSA certificates that don’t meet the 1024 bit minimum requirements?
Microsoft says there are four main methods for discovering these now inadequate certificates:
1.) Check certificates and certification paths manually
2.) Use CAPI2 logging
3.) Check certificate templates
4.) Enable logging on computers that have the update installed
Details on these methods can be found here.
If you need to make some changes, why stop at 1024 bits? “The primary resolution for any issue that is related to blocking of a certificate that has a key length of less than 1024 bits is to implement a larger (1024 bit key length or larger) certificate,” Microsoft explains. “We recommend that users implement certificates that have a key length of at least 2048 bits.”
If you are responsible for the certificate function of your IT operations, the advisory should be considered required reading if you haven’t already read it.
While the Flame malware is widely speculated to be a targeted attack against Iran and possibly other nations in the Middle East, the same types of attacks could be used against enterprises in the United States and around the world. Because of this threat, Venafi suggests that enterprises proactively defend their global networks against breaches that result from weak security by locating and replacing all weak and vulnerable certificates, especially any MD5-signed certificates.
Based recent scans conducted by Venafi, some networks had as many as 78 percent of their internal certificates signed with MD5. Additionally, 17.4 percent of all scanned internal and external certificates were signed with MD5.
You can learn more on this topic in an on demand version of a recent Webcast hosted by SecurityWeek and Venafi.