Microsoft has released a security advisory about the TLS/SSL attack developed by Juliano Rizzo and Thai Duong and has also made a FixIt tool available to help server administrators switch on support for newer versions of the protocol that aren’t vulnerable to the attack.
The Microsoft advisory lays out some of the technical details of the attack, which involves a long-known weakness in the TLS protocol related to the way it handles data in CBC (cipher-block chaining) mode. Rizzo and Duong extended an existing attack on that weakness so that it can decrypt user cookies for secure sessions on the fly. The attack works against TLS 1.0, an older version of the protocol, but server-side support for newer versions such as TLS 1.1 and 1.2 remains low.
There are some mitigating factors for the attack, as Microsoft points out in a blog post from Jerry Bryant.
“We are not aware of a way to exploit this issue in other protocols or components, and we have no reports of exploitation in the wild at this time; our investigation continues, but our research so far indicates that customers are at minimal risk,” Bryant said.
In order for the attack to succeed, the attacker needs the victim to have an active HTTPS session, needs to be able to inject malicious code into the victim’s browser, and needs that code to be treated as coming from the same origin as the active HTTPS session. The advances that Rizzo and Duong made to the existing attack on the TLS weakness included a custom tool that can inject their malicious code into the victim’s browser.
The FixIt tool that Microsoft released will automatically enable support for TLS 1.1 in Internet Explorer and in Windows 7 or Windows Server 2008.
“We would also encourage users and web administrators to enable the newer security protocols, such as TLS 1.1, on both the client side and the server side. If the browser and web server both enable TLS 1.1, the HTTPS traffic uses TLS 1.1 protocol instead of SSL 3.0/TLS 1.0, and thus won’t be affected by such attacks. TLS 1.1 protocol is supported in Windows 7 and Windows 2008 R2,” Microsoft’s SWIAT team wrote in a blog post on the mitigations.
The main problem with enabling support for newer versions of the TLS protocol on the client side, which would protect against the attack, is that the vast majority of sites don’t support them. Unless both the server and the client have the newer version enabled, the connection still falls back to TLS 1.0 and the change doesn’t help.
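One way to audit which protocol versions a Windows host will offer on each side of a connection, and to switch TLS 1.1 on for both roles, as an added example that is not Microsoft’s FixIt and not code from the article. It assumes the documented SChannel registry layout (`Protocols\<version>\<Client|Server>` with `Enabled` and `DisabledByDefault` DWORDs), an elevated prompt, and a reboot afterwards for SChannel to pick up the change.

```powershell
# Added example (not Microsoft's FixIt): audit the SChannel protocol keys that
# decide what a Windows 7 / Server 2008 R2 host offers as client and as server,
# and optionally enable TLS 1.1 for both roles. Run elevated; reboot afterwards.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {
    param([string]$Protocol, [string]$Role)   # e.g. 'TLS 1.1', 'Server'
    $key = Join-Path $base "$Protocol\$Role"
    if (-not (Test-Path $key)) { return 'not configured (OS default)' }
    $p = Get-ItemProperty -Path $key
    $enabled = if ($null -ne $p.Enabled) { $p.Enabled -ne 0 } else { $true }
    $dbd     = if ($null -ne $p.DisabledByDefault) { $p.DisabledByDefault -ne 0 } else { $false }
    if ($enabled -and -not $dbd) { 'enabled' }
    elseif ($enabled) { 'available but not offered by default' }
    else { 'disabled' }
}

function Enable-SchannelProtocol {
    param([string]$Protocol, [string]$Role)
    $key = Join-Path $base "$Protocol\$Role"
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # Enabled=1 turns the version on; DisabledByDefault=0 lets SChannel offer it
    # without the application having to request it explicitly.
    Set-ItemProperty -Path $key -Name Enabled -Value 1 -Type DWord
    Set-ItemProperty -Path $key -Name DisabledByDefault -Value 0 -Type DWord
}

# Audit first: the attack only matters when TLS 1.0 is what actually gets
# negotiated, and TLS 1.1 only helps when both ends of the connection offer it.
foreach ($proto in 'SSL 3.0', 'TLS 1.0', 'TLS 1.1', 'TLS 1.2') {
    foreach ($role in 'Client', 'Server') {
        '{0,-8} {1,-7} {2}' -f $proto, $role, (Get-SchannelProtocolState $proto $role)
    }
}

# Uncomment to enable TLS 1.1 on both sides of this host's connections:
# Enable-SchannelProtocol 'TLS 1.1' 'Client'
# Enable-SchannelProtocol 'TLS 1.1' 'Server'
```

This touches only the system-wide SChannel settings; Internet Explorer’s own protocol checkboxes under Internet Options are a separate setting, and a server patched this way still negotiates TLS 1.0 with any client that offers nothing newer.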