The critical vulnerability in the Schannel technology in Windows that Microsoft patched Tuesday is ripe for exploitation, experts say, and continues the long line of severe vulnerabilities in major SSL/TLS implementations in recent months.
Secure Channel, also known as Schannel, is a technology that’s used in Windows to implement SSL and TLS, the main secure communications protocols. The technology is in every supported version of Windows, and it can be exploited remotely by unauthenticated attackers. The company said that the vulnerability was found during a “proactive security audit”.
“A remote code execution vulnerability exists in the Secure Channel (Schannel) security package due to the improper processing of specially crafted packets. Microsoft received information about this vulnerability through coordinated vulnerability disclosure. When this security bulletin was issued, Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers. The update addresses the vulnerability by correcting how Schannel sanitizes specially crafted packets,” Microsoft said in its advisory.
In order to exploit the vulnerability, an attacker only needs to control a malicious Web page with the exploit code and have users visit it. The Schannle vulnerability follows in the dubious footsteps of many other SSL/TLS vulnerabilities that have appeared on the landscape in the last couple of years. The leader of the pack in this regard is Heartbleed, the notorious flaw in OpenSSL that threw the security community into a frenzy in the spring. That vulnerability enables an attacker to read the memory of systems protected by vulnerable versions of the software under certain circumstances. This can allow them to steal SSL keys and decrypt protected communications.
“Microsoft stated that this vulnerability will allow remote code execution and that it can be used to exploit servers. Microsoft also assigned this vulnerability an exploitability of ‘1’, indicating that an exploit is likely going to be developed soon. But other then that, very little has been released publicly about the nature of the vulnerability,” Johannes Ullrich of the SANS Institute said in a blog post.
“My guess is that you probably have a week, maybe less, to patch your systems before an exploit is released. You got a good inventory of your systems? Then you are in good shape to make this work. For the rest (vast majority?): While you patch, also figure out counter measures and alternative emergency configurations.”
In June, a critical flaw was discovered in GnuTLS, a popular open-source cryptographic library, that allows an attacker to run arbitrary code.
“A flaw was found in the way GnuTLS parsed session IDs from Server Hello packets of the TLS/SSL handshake,” said Tomas Hoger in an advisory posted by Red Hat. “A malicious server could use this flaw to send an excessively long session ID value and trigger a buffer overflow in a connecting TLS/SSL client using GnuTLS, causing it to crash or, possibly, execute arbitrary code.”
More recently, researchers at Google disclosed a new attack on SSLv3 called POODLE that enables an attacker with a man-in-the-middle position to force a target server to fallback to the weak SSLv3 protocol. If he can then force the user to run some Javascript in his browser, the attacker will eventually be able to decrypt the protected connection.
Microsoft also added several new ciphersuites to its TLS implementation in Windows.
“In addition to the changes that are listed in the Vulnerability Information section of this bulletin, this update includes changes to available TLS cipher suites. This update includes new TLS cipher suites that offer more robust encryption to protect customer information. These new cipher suites all operate in Galois/counter mode (GCM), and two of them offer perfect forward secrecy (PFS) by using DHE key exchange together with RSA authentication,” the advisory says.
