Microsoft has issued a new antifraud certificate feature for Windows systems that checks the authenticity of certificates issued by the software giant to speed the process of removing revoked certificates. The new feature was released along with the company’s June 2012 Patch Tuesday round of updates.
The new method should make that process faster, simpler and in the end provide better protections for Windows users.
Andrew Storms, director of security operations, nCircle
Digital certificates are issued by software vendors as a mechanism to validate the authenticity of the software. The update is in response to the Flame malware toolkit, which used fraudulent Microsoft certificates to spoof the Windows Update mechanism on Windows systems. Researchers have been dissecting Flame and its various components since it was detected on Windows systems in Iran and other countries in the Middle East and North Africa. The latest analysis ties the malware toolkit to the authors of Stuxnet, believed to have been part of a joint U.S.-Israeli operation.
Microsoft said the automatic update feature works on Windows Vista and Windows 7 systems. It checks daily for updated information about certificates that are no longer trustworthy, said Microsoft spokesperson Angela Gunn. Changes to the Microsoft Untrusted Certificate Store were done manually, lengthening the time revoked certificates could be used by attackers, according to Microsoft.
Microsoft was in a similar position last year when it and other software vendors were forced to package up and distribute an update to revoke bad certificates after the DigiNotar certificate breach, said Andrew Storms, director of security operations at vulnerability management vendor nCircle
"Packaging up an update, distributing it and waiting for users to install it can be a lengthy and resource intensive process," Storms said. "The new method should make that process faster, simpler and in the end provide better protections for Windows users."
The update adds known fraudulent certificates to the untrusted certificate store by using a certificate trust list that contains either their public key or their signature hash. Enterprise IT administrators should thoroughly test the update before deploying it, said Marcus Carey, a security researcher at Rapid7. “I’m particularly concerned with legacy appliances and systems that could be adversely affected by the change in key length,” Carey said.
Microsoft revoked three of its certificates, issuing an emergency update June 3 affecting all Windows systems. The Flame attackers targeted the encryption protecting the company’s Terminal Server Licensing Service, which allows customers to authorize Remote Desktop services in their enterprise. The service used an older encryption algorithm and provided certificates with the ability to sign code.
Hardening Windows Update
Microsoft is also planning to roll out measures in August to address the encryption algorithm used by its certificates. The update will address how Windows manages certificates that have RSA keys of less than 1024 bits in length, Gunn wrote in the company’s MSRC blog.
The authors of the Flame malware toolkit successfully used a hash collision attack against the software giant’s current crypto implementation, an advanced hacking technique that has only been demonstrated by researchers. The update would block the use of cryptographic keys that are less than 1024 bits, Microsoft said.
The update will affect all currently supported versions of Windows except for the company’s mobile platform. It could potentially cause issues for organizations using the weaker algorithm said nCircle's Storms. “Even Microsoft was still using MD5 as we saw with the hash collision in use for Flame,” he said. “If the update in August is forced then there could be undesirable side affects to enterprise networks.”
Microsoft’s Kurt Hudson, a senior technical writer, warned businesses to prepare for the update in a message describing the RSA key change in the company’s PKI blog.
“To prepare for this update, you should determine whether your organization is currently using keys less than 1024 bits,” he wrote “If it is, then you should take steps to update your cryptographic settings such that keys under 1024 bits are not in use.”