FREAK security bypass vuln - MS Security Advisory 3046015


#1 AplusWebMaster



  • SWI Friend
  • 11,104 posts

Posted 06 March 2015 - 04:38 AM


Microsoft Security Advisory 3046015
Vulnerability in Schannel Could Allow Security Feature Bypass
- https://technet.micr...ty/3046015.aspx
March 5, 2015 - "Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers. We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers. Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.
Mitigating Factors: A server needs to support RSA key exchange export ciphers for an attack to be successful.
Recommendation: Please see the Suggested Actions section of this advisory for workarounds* to disable the RSA export ciphers. Microsoft recommends that customers use these workarounds to mitigate this vulnerability...
* https://technet.micr...ply_Workarounds
Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available.
• Disable RSA key exchange ciphers using the Group Policy Object Editor (Windows Vista and later systems only).
You can disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL Cipher Suite order in the Group Policy Object Editor..."
(More detail at the MS URL above.)

>> Browser check: https://freakattack.com/ || https://www.ssllabs....ewMyClient.html
"...If you run a server …
You should immediately disable support for TLS export cipher suites. While you’re at it, you should also disable other cipher suites that are known to be insecure and enable forward secrecy. For instructions on how to secure popular HTTPS server software, we recommend Mozilla’s security configuration guide and their SSL configuration generator. We also recommend testing your configuration with the Qualys SSL Labs SSL Server Test tool**.
If you use a browser …
Make sure you have the most recent version of your browser installed, and check for updates frequently. Updates that fix the FREAK attack should be available for all major browsers soon."
** https://www.ssllabs.com/ssltest/

> https://web.nvd.nist...d=CVE-2015-1637
Last revised: 03/06/2015

- https://web.nvd.nist...d=CVE-2015-0204 - 5.0
Last revised: 03/05/2015

- http://blog.trendmic...ker-encryption/
"... Microsoft[1] has confirmed all versions of Windows are vulnerable. Red Hat confirmed that versions 6 and 7 of Red Hat Enterprise Linux (RHEL)[2] are vulnerable as well. Browsers that are vulnerable to the FREAK vulnerability include Internet Explorer[3], Opera (Mac OS X / Linux)[3], and Safari[3]..."
[1] https://technet.micr...ecurity/3046015

[2] https://access.redha...rticles/1369543

[3] http://thehackernews...rability_5.html

- https://www.us-cert....S-Vulnerability
Mar 6, 2015 - "FREAK (Factoring Attack on RSA-EXPORT Keys CVE-2015-0204) is a weakness in some implementations of SSL/TLS that may allow an attacker to decrypt secure communications between vulnerable clients and servers. Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability. Microsoft has released a Security Advisory that includes a workaround for supported Windows systems. Users and administrators are encouraged to review Vulnerability Note VU#243585* for more information and apply all necessary mitigations as vendors make them available. Users may visit freakattack.com** to help determine whether their browsers are vulnerable..."
* http://www.kb.cert.org/vuls/id/243585

** https://freakattack.com/

Microsoft Security Advisory 3046015
Vulnerability in Schannel Could Allow Security Feature Bypass
- https://technet.micr...ty/3046015.aspx
Updated: March 10, 2015 - "... We have issued Microsoft Security Bulletin MS15-031* to address this issue. For more information about this issue, including download links for an available security update, please review the security bulletin. The vulnerability addressed is the Schannel Security Feature Bypass Vulnerability - https://web.nvd.nist...d=CVE-2015-1637 "

* https://technet.micr...curity/MS15-031
March 10, 2015 - "This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected... This security update also addresses the vulnerability first described in Microsoft Security Advisory 3046015[1]. For more information about this update, see Microsoft Knowledge Base Article 3046049[2]."

[1] https://technet.micr...dvisory/3046015

[2] https://support.micr....com/kb/3046049


Edited by AplusWebMaster, 10 March 2015 - 05:04 PM.

.The machine has no brain.
 ......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...

Member of UNITE
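
Added example, not part of the original post or of the quoted advisories: a small audit of a comma-separated cipher suite order string, flagging the RSA export suites that FREAK depends on and producing the order that remains once they (and, as in the quoted workaround, the RSA key exchange suites) are removed. The function names, the `drop_rsa_kx` switch and the sample order are assumptions made for illustration; suite names are matched in IANA/Schannel style only.

```python
import re

# Constructed sample order (comma-separated, with stray whitespace and an
# empty entry); it is not taken from a real system.
SAMPLE_ORDER = (
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,"
    "TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_EXPORT_WITH_RC4_40_MD5,"
    "TLS_RSA_EXPORT1024_WITH_RC4_56_SHA,,TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
)

# Export-grade markers: _EXPORT_, _EXPORT40_, _EXPORT1024_ (or at end of name).
_EXPORT = re.compile(r"_EXPORT(40|1024)?(_|$)")


def classify(suite):
    """Return 'rsa-export', 'export', 'rsa-kx' or 'keep' for one suite name."""
    name = suite.strip().upper()
    export = bool(_EXPORT.search(name))
    # TLS_RSA_* suites and the SSLv2 SSL_CK_* suites use RSA key exchange.
    rsa_kx = name.startswith(("TLS_RSA_", "SSL_CK_"))
    if export and rsa_kx:
        return "rsa-export"   # the suites FREAK downgrades to
    if export:
        return "export"       # export-grade with another key exchange
    if rsa_kx:
        return "rsa-kx"       # removed by the advisory's workaround
    return "keep"


def audit(order, drop_rsa_kx=True):
    """Classify every suite in `order`; return (findings, cleaned order)."""
    drop = {"rsa-export", "export"}
    if drop_rsa_kx:
        drop.add("rsa-kx")
    findings = {"rsa-export": [], "export": [], "rsa-kx": [], "keep": []}
    kept = []
    for raw in order.split(","):
        suite = raw.strip()
        if not suite:          # tolerate empty entries such as ",,"
            continue
        kind = classify(suite)
        findings[kind].append(suite)
        if kind not in drop:
            kept.append(suite)
    return findings, ",".join(kept)


if __name__ == "__main__":
    found, cleaned = audit(SAMPLE_ORDER)
    for kind, suites in found.items():
        print(f"{kind:10} {suites}")
    print("cleaned order:", cleaned)
```
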