December 18, 2018

Microsoft Fixes Eight Security Vulnerabilities in its Products

(LiveHacking.Com) – Microsoft has released seven security bulletins as part of its Patch Tuesday program. One of seven bulletins is rated Critical, with the remaining six classified as Important. The Critical bulletin addresses two issues in Windows Media Player. If exploited these vulnerabilities would allow remote code execution on the affected PC. Although there are no known active exploitations of these bugs, they can be triggered by a hacker crafting a malicious MIDI or DirectShow file. If the user then opened this file their PC would become vulnerable as the attacker could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

The remaining fixes are:

  • Vulnerability in Windows Object Packager That Could Allow Remote Code Execution – The vulnerability could allow remote code execution if a user opens a legitimate file with an embedded packaged object that is located in the same network directory as a specially crafted executable file.
  • Vulnerability in Windows Client/Server Run-time Subsystem That Could Allow Elevation of Privilege – The vulnerability could allow elevation of privilege if an attacker logs on to an affected system and runs a specially crafted application. The attacker could then take complete control of the affected system and install programs; view, change, or delete data; or create new accounts with full user rights. This vulnerability can only be exploited on systems configured with a Chinese, Japanese, or Korean system locale.
  • Vulnerability in Microsoft Windows That Could Allow Remote Code Execution – The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file containing a malicious embedded ClickOnce application.
  • Vulnerability in SSL/TLS Could Allow Information Disclosure – This vulnerability affects the SSL 3.0 and TLS 1.0 protocols and is not specific to the Windows operating system. The vulnerability could allow information disclosure if an attacker intercepts encrypted web traffic served from an affected system. TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected. This should protect users  from the tool known as BEAST (Browser Exploit Against SSL/TLS).
  • Vulnerability in AntiXSS Library Could Allow Information Disclosure – The vulnerability could allow information disclosure if a an attacker passes a malicious script to a website using the sanitization function of the AntiXSS Library.

Six Security Flaws Fixed in OpenSSL

(LiveHacking.Com) – The OpenSSL project team has released two new versions of the popular open source toolkit for SSL/TLS. OpenSSL 1.0.0f and 0.9.8s fix a total of six security flaws. Of the six fixes, four apply to 1.0.0f and 0.9.8s together and then each version has one unique fix for its code stream.

The relevant security advisory lists the following:

  1. DTLS Plaintext Recovery Attack (CVE-2011-4108) – Nadhem Alfardan and Kenny Paterson have discovered an extension of the Vaudenay padding oracle attack on CBC mode encryption which enables an efficient plaintext recovery attack against the OpenSSL implementation of DTLS. Their attack exploits timing differences arising during decryption processing. A research paper describing this attack can befound at http://www.isg.rhul.ac.uk/~kp/dtls.pdf
  2. Double-free in Policy Checks (CVE-2011-4109) – If X509_V_FLAG_POLICY_CHECK is set in OpenSSL 0.9.8, then a policy check failure can lead to a double-free. The bug does not occur unless this flag is set. Users of OpenSSL 1.0.0 are not affected.
  3. Uninitialized SSL 3.0 Padding (CVE-2011-4576) – OpenSSL prior to 1.0.0f and 0.9.8s failed to clear the bytes used as block cipher padding in SSL 3.0 records. This affects both clients and servers that accept SSL 3.0 handshakes: those that call SSL_CTX_new with SSLv3_{server|client}_method or SSLv23_{server|client}_method. It does not affect TLS. As a result, in each record, up to 15 bytes of uninitialized memory may be sent, encrypted, to the SSL peer. This could include sensitive contents of previously freed memory. However, in practice, most deployments do not use SSL_MODE_RELEASE_BUFFERS and therefore have a single write buffer per connection. That write buffer is partially filled with non-sensitive, handshake data at the beginning of the connection and, thereafter, only records which are longer any any previously sent record leak any non-encrypted data. This, combined with the small number of bytes leaked per record, serves to limit to severity of this issue.
  4. Malformed RFC 3779 Data Can Cause Assertion Failures (CVE-2011-4577) – RFC 3779 data can be included in certificates, and if it is malformed, may trigger an assertion failure. This could be used in a denial-of-service attack. Note, however, that in the standard release of OpenSSL, RFC 3779 support is disabled by default, and in this case OpenSSL is not vulnerable. Builds of OpenSSL are vulnerable if configured with “enable-rfc3779”.
  5. SGC Restart DoS Attack (CVE-2011-4619) – Support for handshake restarts for server gated cryptograpy (SGC) can be used in a denial-of-service attack.
  6. Invalid GOST parameters DoS Attack (CVE-2012-0027) – A malicious TLS client can send an invalid set of GOST parameters which will cause the server to crash due to lack of error checking. This could be used in a denial-of-service attack. Only users of the OpenSSL GOST ENGINE are affected by this bug.

OpenSSL 1.0.0f  is considered the current best version of OpenSSL available and it is recommended that users of older versions upgrade as soon as possible. OpenSSL 1.0.0f is available for download via HTTP and FTP from the following master locations:

For a complete list of changes, please seehttp://cvs.openssl.org/getfile?f=openssl/CHANGES&v=OpenSSL_1_0_0f.

 

Microsoft to Revoke Trust in Malaysian CA

Microsoft has issued a notice that it will shortly revoke the trust in the Intermediate Certificate Authority DigiCert Sdn. Bhd. (Digicert Malaysia) via Windows Update. The reason for the revoke isn’t that the CA has been compromised or suffered a security breach, but rather they were caught issuing certificates with weak 512 bit keys.

The requirements of the  the Microsoft Root Program are that a minimum crypto key size of RSA 2048-bit modulus is used for any root and all issuing CAs. Microsoft used to accept root certificates with RSA 1024-bit modulus however these existing legacy 1024-bit RSA root certificates were phased out at the end of last year. The fact that this Malaysian CA issued 512-bit certificates is a clear violation of Microsoft requirements.

“The subordinate CA has clearly demonstrated poor CA security practices and Microsoft intends to revoke trust in the intermediate certificates” said Jerry Bryant, Group manager, Response Communications, Trustworthy Computing.

Although Microsoft have no indication that any of the 22 certificates were issued fraudulently, however, these weak keys have allowed some of the certificates to be compromised.  These compromised certificates could allow an attacker to impersonate the legitimate owner and make a user believe they are trusting a website or signed software that was created for malicious use.

Chrome 15 Broke The Wall Street Journal While Trying to Beat the BEAST

(LiveHacking.Com) – Earlier this month Juliano Rizzo and Thai Duong released details of a vulnerability in the encryption mechanism used in HTTPS (Secure Hypertext Transfer Protocol). They also released a tool known as BEAST (Browser Exploit Against SSL/TLS). Consequently browser makers, including Google, have been trying to tweak the SSL implementations in their browsers to reduce the risks from the BEAST.

As part of the Chrome 15 release Google did some SSL tweaking:

The NSS network library was updated to include a defense against so-called BEAST. This defense may expose bugs in Brocade hardware. Brocade is working on the issue.

Well it looks like it did expose problems. As soon as users started to upgrade to Chrome 15, reports started that users couldn’t login to Barrons Online or The Wall Street Journal.

Further investigation by Google revealed that a change, which sends only one byte of data in the first CBC encrypted application data record, broke the sites.

Google back tracked on the change and released Chrome 15.0.874.106 for Windows, Mac and Linux. Since then Barron’s has updated its site, and secure sign-in is now working with 1/n-1 SSL record splitting when using the development build of Chrome 16. No word on what, if any, changes The Wall Street Journal has made to its site.

SSL Denial Of Service Tool Released

 

(LiveHacking.Com) – The Hacker’s Choice (THC) has added a new program to its repository of  hacking tools. The new tool is designed to verify the performance of the encryption algorithms used in SSL. However since most servers are not designed to handle large amounts of SSL handshakes, running the test will cause a denial of service.

To establish a secure SSL connection generally requires 15 times more CPU power on the server than on the client and so the THC-SSL-DOS tool has been built to exploit this asymmetry by overloading the server. The overload will result in a denial of service as the server struggles to cope with the incoming SSL connections.

Although is isn’t a new problem, it has been observed and discussed since 2003, it is the first time a compact tool has been written to expose the problem from the client end. A simple laptop can issue 300 SSL handshakes per second and only use around 10 to 25% of the client CPU power. The result is that a laptop on a DSL connection can challenge a server on a 30Gbit link.

The denial of service attack can be launched on any SSL connection including HTTPS, POP3S and SMTPS.

This problem affects all SSL implementations today.

Microsoft Issues Security Advisory to Combat the BEAST

(LiveHacking.Com) – As reported yesterday, the mechanism behind earlier versions of  SSL/TLS are susceptible to attack due the way they use block ciphers. Now Microsoft has made a blog post and issued a security advisory about the problem.

This is an industry-wide issue with limited impact that affects the Internet ecosystem as a whole rather than any specific platform. Our Advisory addresses the issue via the Windows operating system.

According to Microsoft’s analysis  users are at minimal risk. To successfully exploit this issue, the would-be attacker must meet several conditions:

  • The targeted user must be in an active HTTPS session;
  • The malicious code the attacker needs to decrypt the HTTPS traffic must be injected and run in the user’s browser session; and,
  • The attacker’s malicious code must be treated as from the same origin as the HTTPS server in order to it to be allowed to piggyback the existing HTTPS connection.
  • The attack must make several hundred HTTPS requests before the attack could be successful.
  • TLS 1.1, TLS 1.2, and all cipher suites that do not use CBC mode are not affected.
For those who run servers on Windows, Microsoft suggest use of the RC4 algorithm. Since the attack only affects cipher suites that use symmetric encryption algorithms in CBC mode, such as AES, the RC4 algorithm is not vulnerable. System administrators can prioritize the RC4 algorithm on their servers using the instructions given here:  Prioritizing Schannel Cipher Suites.

Is SSL/TLS Under Attack from the BEAST?

 

(LiveHacking.Com) – Juliano Rizzo and Thai Duong have released details of a vulnerability in  TLS (Transport Layer Security) 1.0, the encryption mechanism used in HTTPS (Secure Hypertext Transfer Protocol). TLS is the successor to SSL (Secure Sockets Layer) and is widely used on the Internet. The vulnerability resides in versions 1.0 and earlier of TLS, but not in versions 1.1 and 1.2, however they remain almost entirely unsupported in browsers and websites.

At the Ekoparty security conference in Buenos Aires, Juliano and Thai released a tool, known as BEAST (Browser Exploit Against SSL/TLS), that compromises TLS by exploiting the vulnerability  that has actually been known about for years but which has been regarded as just theoretical until now.

The problem is all to do with block ciphers and Cipher Block Chaining (CBC). With CBC, each ciphertext message starts with a single extra random block, or IV (“initialization vector”). TLS <= 1.0 uses CBC but has a problem in that instead of using a new random IV for every TLS message sent, it uses the ciphertext of the last block of the last message as the IV for the next message. This means that the IV is now something an attacker can predict. A more detailed look at how the attack works can be found here.

The two-factor authentication service PhoneFactor has suggested websites use the RC4 cipher to encrypt SSL traffic instead of algorithms such as AES and DES, as RC4 is not vulnerabile to this CBC/IV problem.

According to Sophos, the pair reported their findings to the major browser vendors a month ago. However so far Google is the only company to respond with a fix (which can currently be found in the beta test versions of the browser).

DigiNotar Officially Bankrupt

(LiveHacking.Com) – The American parent company of the Dutch certificate authority (CA) DigiNotar has announced that DigiNotar is now officially bankrupt. VASCO Data Security International filed DigiNotar’s voluntary bankruptcy in the Haarlem District Court, The Netherlands at the beginning of this week and one day later the CA was officially declared bankrupt. A bankruptcy trustee, under the supervision of a judge, has now taken over the management of DigiNotar and will work to liquidate the company.

The Dutch government stepped in and took over DigiNotar after it was discovered that the company had been hacked and had been used to issue fake SSL certificates for various major sites, including Google, Mozilla, the CIA, MI6 and Mossad.

T. Kendall Hunt, VASCO’s Chairman and CEO said in a statement, “we would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO’s core authentication technology.”

“We want to emphasize that the bankruptcy filing by DigiNotar, which was primarily a certificate authority, does not involve VASCO’s core two-factor authentication business,” added Jan Valcke, VASCO’s President and COO.

It was DigiNotar’s failure to be upfront about the security breach which was the main reason it lost all credibility. Having suffered the breach, weeks went past before it started to inform the different domain name owners about what happened. Also the serial numbers for the issued certificates could not be found in DigiNotar’s records. This led to the conclusion that an unknown number of certificates were issued, probably more than 500.

“We are working to quantify the damages caused by the hacker’s intrusion into DigiNotar’s system and will provide an estimate of the range of losses as soon as possible,” said Cliff Bown, VASCO’s Executive Vice President and CFO.

Adobe Updates Acrobat to Fix Security Problems; Also Revokes Trust in DigiNotar

(LiveHacking.Com) – Adobe has released an update to Acrobat and Acrobat Reader to fix various Critical vulnerabilities. Affected versions are Adobe Reader X (10.1) and Adobe Acrobat X (10.1) including earlier versions for Windows and OS X, Adobe Reader 9.4.2 and earlier versions for UNIX. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

The specific problems fixed are:

  • A local privilege-escalation vulnerability (Adobe Reader X (10.x) on Windows only) (CVE-2011-1353).
  • A security bypass vulnerability that could lead to code execution (CVE-2011-2431).
  • A buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432).
  • Heap overflows that could lead to code execution (CVE-2011-2433, CVE-2011-2434).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2011-2435).
  • A heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436).
  • Three stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438).
  • A memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439).
  • A use-after-free vulnerability that could lead to code execution (CVE-2011-2440).
  • Two stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution (CVE-2011-2441).
  • A logic error vulnerability that could lead to code execution (CVE-2011-2442).

Simultaneously Adobe removed the DigiNotar root certificate from its trust list:

Adobe takes the security and trust of our users very seriously. Based on the nature of the breach, Adobe is now taking the action to remove the DigiNotar Qualified CA from the Adobe Approved Trust List.

This update has been published for Adobe Reader and Acrobat X which include a trust list that Adobe can dynamically manage without requiring a product update/patch.  A future product update of Adobe Reader and Acrobat version 9.x will also enable dynamic updates of the AATL.

Patch Tuesday Blocks More DigiNotar Certificates

(LiveHacking.Com) – As anticipated Microsoft has issued five security bulletins bringing a number of updates to Windows and Office. At the same time it has released a new update  (2616676) that blocks six additional DigiNotar root certificates. These new certificates are ones that are cross-signed by Entrust and GTE. They are:

  • DigiNotar Root CA Issued by Entrust (2 certificates)
  • DigiNotar Services 1024 CA Issued by Entrust
  • Diginotar Cyber CA Issued by GTE CyberTrust (3 certificates)

The security bulletins issued are

  1. MS11-070 Vulnerability in WINS Could Allow Elevation of Privilege
  2. MS11-071 Vulnerability in Windows Components Could Allow Remote Code Execution
  3. MS11-072 Vulnerabilities in Microsoft Excel Could Allow Remote Code Execution
  4. MS11-073 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution
  5. MS11-074 Vulnerabilities in Microsoft SharePoint Could Allow Elevation of Privilege

None of the bulletins are rated as Critical but the affected software includes all of Microsoft’s currently supported versions of Windows including XP, Vista, Windows 7 and Windows Server 2003/2008 as well Office 2003, 2007 and 2010.

MS11-071, 072 and 073 all relate to vulnerabilities could allow remote code execution if a user opens a specially crafted file. In some cases, for .doc., .rtf and .txt files, the document needs to be the located in the same network directory as a specially crafted library file for the exploit to work.