Microsoft on Thursday released a patch that plugs a security hole in its cryptography software that allows hackers to use bogus digital certificates to hijack secure communications and forge digital signatures.
The hole, discovered early last month by an independent researcher, was in the Windows cryptography API (CryptoAPI), which provides the operating system's framework that programs use to obtain cryptographic services. The CryptoAPI provides support for encryption, decryption, digital certificate handling, and other tasks.
"This is one of those things where you will have to touch every machine [to apply the fix]," says Russ Cooper, the editor of the NT BugTraq Web site and the surgeon general for TruSecure.
The patch applies to multiple versions of the Windows operating system and three programs for the Macintosh: Office, Internet Explorer and Outlook Express. The affected versions of the operating system include Windows 98, 98 Second Edition, ME, NT 4.0, NT 4.0 Terminal Server Edition, 2000 and XP.
Since exploit code has already been published, Microsoft is releasing versions of the patch as they are completed; therefore, all the patches for all the affected software are not yet available. The patches currently available are for Windows NT 4.0 and XP. The patch is listed as critical.
The problem is that the CryptoAPI does not check a parameter, called "Basic Constraints," within a digital certificate that is used to validate digital certificate chains, the hierarchy of trust that cascades from top-level certificate authorities such as VeriSign. That means that bogus certificates can be created and used as trusted certificates without being detected by Microsoft software.
The bogus certificates can be used to support a variety of attacks, which are commonly known as "man-in-the-middle" attacks.
The bogus certificates could be used to verify the identity of the sender of an e-mail or the identity of a server. The bogus certificates also could be used to hijack IPSec sessions, spoof certificate-based authentication systems or digitally sign malicious code using Microsoft's Authenticode technology to trick users into believing the code came from a trusted source. Microsoft says the attacks require a high level of sophistication to carry out, but critics contend that the attacks are plausible.
"These man-in-the-middle attacks work best locally where you can lodge yourself on the wire or if you are one-hop away on the network," says Eugene Schultz, principal engineer for Lawrence Berkeley National Laboratory. "It's gets a lot harder when there are many hops. It is a timing issue."
Last month, independent researcher Mike Benham discovered that Internet Explorer, which uses the CryptoAPI to validate certificate chains, was susceptible to attack by hackers who could forge digital certificates and hijack connections secured by the Secure Socket Layer protocol and intercept data.
On Monday, Benham provided proof that Outlook's Secure/Multipurpose Internet Mail Extensions (S/MIME), a standard for secure mail created by the Internet Engineering Task Force, is susceptible to the flaw. The Outlook attack lets hackers create a phony security certificate that can be used to digitally sign e-mail. When a user of Outlook opens the mail, the software does not check the validity of the certificate and presents the e-mail as a digitally signed communication.
CryptoAPI also is used by many third-party applications to provide security services for their programs and any that use digital certificate validation are exposed to the vulnerability, according to Microsoft.
A plug-in for Outlook called MailSecure has already been found vulnerable to the problem. The product was originally marketed by Baltimore Technologies but was sold earlier this year to SecureNet Limited, an Australian security software vendor.