SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
13 Nov 2014

Microsoft Schannel bug latest in long line of serious crypto flaws

The critical vulnerability in the Schannel technology in Windows that Microsoft patched is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.

Secure Channel, also known as Schannel, is a technology that’s used in Windows to implement SSL and TLS, the main secure communications protocols.

The technology is in every supported version of Windows, and it can be exploited remotely by unauthenticated attackers. The company said that the vulnerability was found during a “proactive security audit”. In order to exploit the vulnerability, an attacker only needs to control a malicious Web page with the exploit code and have users visit it. The Schannle vulnerability follows in the dubious footsteps of many other SSL/TLS vulnerabilities that have appeared on the landscape in the last couple of years.

The leader of the pack in this regard is Heartbleed, the notorious flaw in OpenSSL that threw the security community into a frenzy in the spring. That vulnerability enables an attacker to read the memory of systems protected by vulnerable versions of the software under certain circumstances. This can allow them to steal SSL keys and decrypt protected communications.

“A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. The update addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets,” Microsoft said in its advisory.

“Microsoft stated that this vulnerability will allow remote code execution and that it can be used to exploit servers. Microsoft also assigned this vulnerability an exploitability of ’1′, indicating that an exploit is likely going to be developed soon. But other then that, very little has been released publicly about the nature of the vulnerability,” Johannes Ullrich of the SANS Institute said.

“My guess is that you probably have a week, maybe less, to patch your systems before an exploit is released. You got a good inventory of your systems? Then you are in good shape to make this work. For the rest (vast majority?): While you patch, also figure out counter measures and alternative emergency configurations.” In June, a critical flaw was discovered in GnuTLS, a popular open-source cryptographic library, that allows an attacker to run arbitrary code.

“A flaw was found in the way GnuTLS parsed session IDs from Server Hello packets of the TLS/SSL handshake,” said Tomas Hoger in an advisory posted by Red Hat. “A malicious server could use this flaw to send an excessively long session ID value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.”

More recently, researchers at Google disclosed a new attack on SSLv3 called POODLE that enables an attacker with a man-in-the-middle position to force a target server to fallback to the weak SSLv3 protocol. If he can then force the user to run some Javascript in his browser, the attacker will eventually be able to decrypt the protected connection. Microsoft also added several new ciphersuites to its TLS implementation in Windows.

“In addition to the changes that are listed in the Vulnerability Information section of this bulletin, this update includes changes to available TLS cipher suites. This update includes new TLS cipher suites that offer more robust encryption to protect customer information. These new cipher suites all operate in Galois/counter mode (GCM), and two of them offer perfect forward secrecy (PFS) by using DHE key exchange together with RSA authentication,” the advisory says.

Tags:
information leaks Microsoft Windows Schannel SSL
Source:
Threatpost
2053
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015