#1 JMH (Moderator, News & Information; BSOD Kernel Dump Analyst; Contributor)

    Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could Allow..

    General Information

    Executive Summary

    Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

    Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:

    • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
    • Microsoft Enforced Licensing Registration Authority CA (SHA1)

    Recommendation.
    For supported releases of Microsoft Windows, Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. For more information, see the Suggested Actions section of this advisory.
    For affected devices, no update is available at this time.

    http://technet.microsoft.com/en-us/s...visory/2718704


    MVP 2013 - 2016

    Microsoft Community Contributor
    Windows Insider MVP July 2016 to end June 2017
    Dyami & Wankiya
    Team Zigzag

#2 JMH (Moderator, News & Information; BSOD Kernel Dump Analyst; Contributor)

    Re: Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could All

    Microsoft douses "Flame"


    Microsoft has noticed Flame, the malware supposedly burning up the Middle East and spreading like wildfire to the rest of the world, and has taken steps to stop it before it becomes an uncontrollable conflagration.

    Redmond's chief concern, according to Mike Reavey, a Senior Director of the Microsoft Trustworthy Computing effort, is that Flame pretends it's a legitimate piece of Redmond-written code. Reavey uses this blog post to describe how Flame pulls that off:

    http://www.theregister.co.uk/2012/06..._douses_flame/


#3 AceInfinity

    Re: Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could All

    3 Jun 2012 4:41 PM
    I wonder...

    Hopefully they had fixed this in time for the Windows 8 RC and definitely (I'm expecting) that they would have fixed it by the time Windows 8 becomes official. I'd known about the flaws in digital signatures for some time now. I posted proof on the forum here, but before finding proof the system for certificates initially seemed a bit sketchy to me anyways...
    Automation Programmer
    Microsoft MVP [2012 - 2018]

#4 JMH (Moderator, News & Information; BSOD Kernel Dump Analyst; Contributor)

    Re: Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could All


#5 AceInfinity

    Re: Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could All

    I'd like to get my hands on the source of 'Flame' to see if it was even close to the flaw that I proposed on the forum here. I'm sure it's close, unless there's more than one way to skin the cat with this signature flaw? In which case I'm sure the security team has now opened their eyes to my issue even more lol. This was interesting to see though... Thanks :)

    This can't be a bad thing, it's basically these people that will force Microsoft to upgrade their security with Digital Signatures.

#6 Corrine

    Re: Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could All

    Follow-up by Mike Reavey, Senior Director, MSRC, Microsoft Trustworthy Computing: Security Advisory 2718704: Update to Phased Mitigation Strategy.

    In part:
    The Flame malware used a cryptographic collision attack in combination with the terminal server licensing service certificates to sign code as if it came from Microsoft. However, code-signing without performing a collision is also possible. This is an avenue for compromise that may be used by additional attackers on customers not originally the focus of the Flame malware. In all cases, Windows Update can only be spoofed with an unauthorized certificate combined with a man-in-the-middle attack.

    To increase protection for customers, the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution. We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment. We will provide more information on the timing of the additional hardening to Windows Update in the near future.

    Our investigation of this issue is ongoing and we will continue to provide further guidance as available, and take any appropriate actions to help protect our customers.


    Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

    Remember - A day without laughter is a day wasted.
    May the wind sing to you and the sun rise in your heart.

#7 AceInfinity

    Re: Microsoft Security Advisory (2718704) Unauthorized Digital Certificates Could All

    "cryptographic collision attack" hahaha - fancy vocabulary for MD5 matching perhaps? In combination with not invalidating the signature... This is one thing I DID point out, MD5 is a broken hash algorithm. Wherever my thread is, I mentioned being able to modify the file as long as the MD5 is matched, while using this method of trickery to keep the certificate validated from any change. From my reading, it seems people do go to the tedious extent to actually achieve this...

    Personally I did doubt anybody's capability of actually achieving both at the same time, however it is evident now that there are those out there who have the capability to do it! Scary...

    I'm reading this though: "However, code-signing without performing a collision is also possible." and that sounds like exactly what I demonstrated in the example binary I gave for MSE.

    "Our investigation of this issue is ongoing and we will continue to provide further guidance as available, and take any appropriate actions to help protect our customers."
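As an added example (not part of the advisory, the MSRC follow-up, or any post in this thread), here are two PowerShell checks an administrator might run on a Windows host after reading the advisory in #1 and the collision/MD5 discussion in #6 and #7: the first confirms that the two revoked intermediate CAs now sit in the machine's Untrusted Certificates store, the second walks a file's Authenticode signer chain and flags certificates signed with an MD5-based algorithm. The function names and the placeholder file path are my own; the store path and cmdlets are standard Windows PowerShell.

```powershell
# Added example (not from the advisory or any post in this thread). Function names
# and the placeholder file path are my own; the store and cmdlet names are standard.

# Check 1: after KB2718704 the two revoked intermediate CAs named in the advisory
# should appear in the machine's Untrusted Certificates store (Cert:\LocalMachine\Disallowed).
# Returns the matching certificates; an empty result means the update is missing on this host.
function Test-Advisory2718704Revocation {
    $revokedSubjects = @(
        'Microsoft Enforced Licensing Intermediate PCA',
        'Microsoft Enforced Licensing Registration Authority CA'
    )
    $disallowed = Get-ChildItem -Path Cert:\LocalMachine\Disallowed
    $found = foreach ($subject in $revokedSubjects) {
        $disallowed | Where-Object { $_.Subject -like "*CN=$subject*" }
    }
    if (-not $found) {
        Write-Warning 'Revoked licensing CAs not found in the Untrusted store; apply KB2718704.'
    }
    $found | Select-Object Subject, Thumbprint, NotAfter
}

# Check 2: walk a file's Authenticode signer chain and flag any certificate whose
# signature algorithm is MD5-based, the hash weakness the collision attack relied on.
function Get-WeakSignatureAlgorithms {
    param([Parameter(Mandatory)][string]$FilePath)
    $sig = Get-AuthenticodeSignature -FilePath $FilePath
    if (-not $sig.SignerCertificate) {
        # Unsigned files (or files whose signature cannot be read) carry no signer certificate.
        return [pscustomobject]@{ File = $FilePath; Status = $sig.Status; WeakAlgorithms = @() }
    }
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    [void]$chain.Build($sig.SignerCertificate)   # ChainElements are populated even if Build returns $false
    $weak = $chain.ChainElements |
        ForEach-Object { $_.Certificate } |
        Where-Object { $_.SignatureAlgorithm.FriendlyName -match '^md5' } |
        Select-Object Subject, @{ n = 'Algorithm'; e = { $_.SignatureAlgorithm.FriendlyName } }
    [pscustomobject]@{ File = $FilePath; Status = $sig.Status; WeakAlgorithms = @($weak) }
}

# Usage (placeholder path; substitute a signed binary on the host being checked):
Test-Advisory2718704Revocation | Format-Table -AutoSize
Get-WeakSignatureAlgorithms -FilePath 'C:\Path\To\signed.exe'
```

A non-empty WeakAlgorithms list does not by itself mean the file is malicious, but it identifies chains that deserve the same scrutiny the advisory applies to the licensing CAs.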
