Security Advisory 2718704: Collision attack details, WU update rollout

Today, as a part of our continuing phased mitigation strategy recently discussed, we have initiated the additional hardening of Windows Update. We’ve also provided more information about the MD5 hash-collision attacks used by the Flame malware in the SRD blog. This information should help answer questions from customers about the nature of these collision attacks. We continue to encourage all customers who are not installing updates automatically to do so immediately.

To attack systems using Windows Vista and above, a potential attacker would have needed access to the now invalid Terminal Server Licensing Service certificates and the ability to perform a sophisticated MD5 hash collision. On systems that pre-date Vista, an attack is possible without an MD5 hash collision. In either case, of course, an attacker must get his signed code onto the target system. This can be done if the client’s Automatic Update program receives the attacker’s signed package because such packages are trusted so long as they are signed with a Microsoft certificate. Windows Update can only be spoofed with an unauthorized certificate combined with a man-in-the-middle attack. To address this issue, we are also taking steps to harden the Windows Update infrastructure and ensure additional protections are in place.

When events like the current one occur, it’s important for us to respond quickly and help protect customers as the first priority. This is why our initial response was to invalidate the entire certificate authority hierarchy associated with Terminal Server licensing. This applied to both present and past certificates, rather than just the specific certificates known to be used by the Flame malware. This was a broad action and was the fastest way to protect the largest number of customers. This is also why we continued our investigation and are hardening the Windows Update channel to further increase protection. And that is why we’ve waited until today, after most customers are protected from the risk posed by these certificates, to provide even more detail into how the cryptographic collisions were used in these attacks.

You can expect that we will continue to evaluate additional hardening of both the Windows Update channel and our code signing certificate controls as part of our ongoing analysis.

Mike Reavey
Senior Director, MSRC
Microsoft Trustworthy Computing