Microsoft Corp. has a fundamental flaw in its security infrastructure, and network executives who want to run applications that use digital certificates or deploy cryptography software that runs on Windows will need to patch the operating system quickly.
An independent researcher discovered the flaw early last month in the Windows cryptography API (CryptoAPI), which provides the operating system's framework that programs use to obtain cryptographic services. The CryptoAPI supports encryption, decryption and digital certificate handling.
The problem is that the CryptoAPI does not check a parameter, called Basic Constraints, within a digital certificate that is used to validate digital certificate chains, the hierarchy of trust that cascades from top-level certificate authorities such as VeriSign. That means hackers can create bogus certificates and use them as trusted certificates without being detected by Microsoft software, which would let them hijack secure communications or forge digital signatures.
Researcher Mike Benham already has proven the flaw affects Microsoft's Internet Explorer and Outlook. It also has ramifications for users of the IP Security (IPSec) standard and Microsoft's Authenticode, which is used to validate as a trusted party anyone who provides executable code that a user might download and install. Microsoft's BizTalk server also relies on the CryptoAPI to handle its security services.
Vulnerability to the flaw extends to any application or third-party product, such as smart card services, that plugs into the CryptoAPI and relies on it to validate the chains of trust that issuers of digital certificates create.
"The big problem is that you have a fundamental flaw in a critical piece of infrastructure," says Russ Cooper, editor of the NT BugTraq Web site and the surgeon general for TruSecure. "If Joe Enterprise relies on the CryptoAPI to handle digital certificates for [Secure Sockets Layer], [Secure/Multipurpose Internet Mail Extensions], Authenticode, Active X controls or Active Directory using IPSec and digital certificates, then in order for him to trust those systems he needs to patch those systems."
Cooper says he doesn't perceive an imminent threat but that the potential severity of the problem lies in the fact that digital certificates are becoming more prevalent to support secure communications.
Last week, Microsoft began releasing patches for Windows 98, 98 Second Edition, ME, NT 4.0, NT 4.0 Terminal Server Edition, 2000 and XP.
"This chips away at the foundation of security with computers," says Doug Spindler, project coordinator for Active Directory at the Lawrence Berkeley National Laboratory.
"I don't see this flaw as a major blow, but you have to take it in context with all the others," he says. In the past month Microsoft has issued almost a dozen security patches for software such as SQL Server and Office.
Microsoft acknowledges it made a mistake in the development of the CryptoAPI, which was first used in later editions of Windows 95. Microsoft created the proprietary CryptoAPI instead of using the Generic Security Service Application Program Interface (GSS-API), which is an accepted standard. Microsoft since has added support for the Security Support Provider Interface, which is similar to GSS-API, to Win 2000 and XP to handle some security tasks, but the CryptoAPI remains an underlying service.
"With CryptoAPI we were trying to build in flexibility for nonstandard certificates, and that is how this vulnerability was created," says Scott Culp, manager of the Microsoft Security Response Center. "It's a classic flexibility vs. security issue."
But Culp says exploits of the flaw, especially with Authenticode, are difficult and often create a traceroute back to the offending party.
However, while experts say that digital certificates issued by top-level certificate authorities can be traced, they often are issued to a company or entity that distributes the certificate's private key to multiple users. Those who use the private key can be traced only as far back as the company named on the certificate.
"A certificate is a private key, and a private key can be used by many people," says Paul Hoffman, director of the Internet Mail Consortium. "One rogue programmer could use the private key to create bogus certificates."
Hoffman says that fact highlights why people need to safeguard their private keys.