Yesterday’s Internet Explorer security bulletin, in addition to patching 14 vulnerabilities, also affords Windows admins the ability to disable SSL 3.0 in IE 11 for Protected Mode sites. Doing so eliminates exposure to POODLE SSL attacks.
Microsoft said the change is off by default for now, but will turn it on by default in IE on Feb. 10, 2015. This is Microsoft’s first step toward disabling SSL 3.0 by default in all of its online services. Other providers such as Google have already moved in this direction. Chrome 39, released in late November, also removed support for the fallback to SSL 3.0.
The move from Microsoft comes two days after the latest news in the POODLE saga that revealed some implementations of TLS are also vulnerable. TLS is the replacement for SSL used for secure communication in many organizations.
POODLE attacks enable hackers to decrypt traffic over a supposedly secure connection. The weakness is exposed when attempts to negotiate a secure connection fail: webservers will sometimes fall back to an older protocol in order to establish the connection. SSL 3.0 is vulnerable to padding oracle attacks against the webserver, putting supposedly encrypted traffic at risk.
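To show why the padding check is the problem, here is an added example (not code from Microsoft's announcement or from Langley's post) that models the receiver-side check of a CBC record under the SSL 3.0 rule and under the TLS 1.0+ rule; the block size, MAC length, key and record contents are constructed for the demonstration.

```python
import hashlib
import hmac
import random

BLOCK = 16    # AES-CBC block size in bytes (assumed cipher suite)
MAC_LEN = 20  # HMAC-SHA1 tag length, as used by the common CBC suites
KEY = b"constructed-demo-mac-key"  # constructed; a real session key is negotiated

def mac(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha1).digest()

def build_record(data: bytes) -> bytes:
    """Plaintext of a CBC record: data || MAC || padding, filled to a block boundary."""
    body = data + mac(data)
    pad_len = BLOCK - 1 - (len(body) % BLOCK)
    return body + bytes([pad_len]) * (pad_len + 1)

def receive(plaintext: bytes, strict: bool) -> bool:
    """Receiver check after CBC decryption. strict=False is the SSL 3.0 rule (only the
    final byte, the pad length, is inspected); strict=True is the TLS 1.0+ rule (every
    padding byte must equal the pad length). The MAC is verified afterwards."""
    pad_len = plaintext[-1]
    if pad_len >= BLOCK:
        return False
    if strict and any(b != pad_len for b in plaintext[-(pad_len + 1):]):
        return False
    body = plaintext[:len(plaintext) - pad_len - 1]
    data, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(tag, mac(data))

def count_accepted(strict: bool, seed: int = 1) -> int:
    """Replace the final (all-padding) block with 256 unknown blocks differing in their
    last byte and count how many the receiver accepts. Under the SSL 3.0 rule exactly
    one value (15) survives, the 1-in-256 oracle; under the TLS rule none does."""
    rng = random.Random(seed)
    data = b"A" * 28  # constructed: 28 + 20 MAC bytes = 48, so the last block is pure padding
    record = build_record(data)
    assert len(record) == 64 and record[-1] == BLOCK - 1
    accepted = 0
    for last in range(256):
        unknown = bytes(rng.randrange(256) for _ in range(BLOCK - 1)) + bytes([last])
        if receive(record[:-BLOCK] + unknown, strict):
            accepted += 1
    return accepted

if __name__ == "__main__":
    print("SSL 3.0 rule accepts", count_accepted(False), "of 256")  # 1
    print("TLS 1.0+ rule accepts", count_accepted(True), "of 256")  # 0
```

The single accepted value under the SSL 3.0 rule is what makes the receiver an oracle, and no server-side change to that rule exists for SSL 3.0, which is why the mitigation on this page is to stop falling back to it.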
“By interfering with the connection between the target client and server, a man-in-the-middle can force a downgrade from TLS 1.0 or newer, more secure protocols, to the SSL 3.0 protocol,” Microsoft explained in its announcement on Tuesday. “The vast majority of the time, a fallback from TLS 1.0 to SSL 3.0 is the result of an innocent error, but this is indistinguishable from a man-in-the-middle attack.”
With yesterday’s IE cumulative update, users can opt in to block SSL 3.0 fallback in the most current version of the browser.
“Enterprise customers are able to configure this behavior via Group Policy, and this behavior will also be configurable via registry or using an easy, one-click Fix it solution,” Microsoft said, adding that configuration details are available in Knowledge Base article 3013210.
Google researcher Adam Langley exposed the TLS issue this week, noting that F5 security appliances, as well as some from A10 Networks, were vulnerable. F5 has already patched its boxes, while A10 was expected to patch yesterday.
“This seems like a good moment to reiterate that everything less than TLS 1.2 with an AEAD cipher suite is cryptographically broken. An IETF draft to prohibit RC4 is in Last Call at the moment but it would be wrong to believe that RC4 is uniquely bad,” Langley said.
Yesterday’s IE bulletin, MS14-080, patched 14 memory corruption and ASLR bypass vulnerabilities in versions going back to IE 6 on the client side. The issue was less severe in Windows servers, Microsoft said.