Microsoft Security Bulletin MS15-031 - Important

Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)

Published: March 10, 2015 | Updated: March 24, 2015

Version: 1.1

Executive Summary

This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed FREAK technique, an industry-wide issue that is not specific to Windows operating systems. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the key length of an RSA key to EXPORT-grade length in a TLS connection. Any Windows system using Schannel to connect to a remote TLS server with an insecure cipher suite is affected.

This security update is rated Important for all supported releases of Microsoft Windows. For more information, see the Affected Software section.

The security update addresses the vulnerability by correcting the cipher suite enforcement policies that are used when server keys are exchanged between servers and client systems. For more information about the vulnerability, see the Vulnerability Information section.

This security update also addresses the vulnerability first described in Microsoft Security Advisory 3046015.

For more information about this update, see Microsoft Knowledge Base Article 3046049.

Affected Software

The following software versions or editions are affected. Versions or editions that are not listed are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, see Microsoft Support Lifecycle.

Note The update is available for Windows Technical Preview and Windows Server Technical Preview. Customers running these operating systems are encouraged to apply the update, which is available via Windows Update.

^[1]This update is available via Windows Update only.

Update FAQ

After installing the update, EXPORT ciphers are still enabled on Windows Server 2003; how do I disable them?
To disable the EXPORT ciphers on Windows Server 2003 systems, follow the guidance provided in Microsoft Knowledge Base Article 3050509.

Severity Ratings and Vulnerability Identifiers

The following severity ratings assume the potential maximum impact of the vulnerability. For information regarding the likelihood, within 30 days of this security bulletin's release, of the exploitability of the vulnerability in relation to its severity rating and security impact, please see the Exploitability Index in the March bulletin summary.

Vulnerability Information

Schannel Security Feature Bypass Vulnerability - CVE-2015-1637

A security feature bypass vulnerability exists in Secure Channel (Schannel) that is caused by an issue in the TLS state machine whereby a client system accepts an RSA key with a shorter key length than the originally negotiated key length. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems.

In a man-in-the-middle (MiTM) attack, an attacker could downgrade the key length of an RSA key to EXPORT-grade length in an encrypted TLS session. The attacker could then intercept and decrypt this traffic. Any Windows system connecting to a TLS server as a client is affected. An attacker who successfully exploited this vulnerability could perform MiTM attacks that could decrypt encrypted traffic.

The security update addresses the vulnerability by correcting the cipher suite enforcement policies that are used when server keys are exchanged between servers and client systems.

This vulnerability has been publicly disclosed. It has been assigned Common Vulnerability and Exposure number CVE-2015-1637. When this bulletin was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.

Mitigating Factors

The following mitigating factors may be helpful in your situation:

• A server needs to support RSA key exchange EXPORT ciphers for an attack to be successful; the ciphers are disabled in default configurations of Windows Vista/Server 2008 and later operating systems.

Workarounds

The following workarounds may be helpful in your situation:

• Disable RSA key exchange ciphers using the Group Policy Object Editor (Windows Vista and later systems only)
  You can disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL Cipher Suite order in the Group Policy Object Editor.

  Note Installing this update (3046049) protects systems from the vulnerability discussed in this bulletin. Customers who have previously implemented this workaround will need to follow the steps for undoing the workaround if they want to use any of the ciphers that were previously disabled.

  To disable the RSA key exchange ciphers you have to specify the ciphers that Windows should use by performing the following steps:

  1. At a command prompt, type gpedit.msc and press Enter to start the Group Policy Object Editor.

  2. Expand Computer Configuration, Administrative Templates, Network, and then click SSL Configuration Settings.

  3. Under SSL Configuration Settings, double-click SSL Cipher Suite Order.

  4. In the SSL Cipher Suite Order window, click Enabled.

  5. In the Options: pane, double-click to highlight the entire contents of the SSL Cipher Suites field and then replace its contents with the following cipher list:

     TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256,
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384,
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,
      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,
      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,
      TLS_DHE_RSA_WITH_AES_256_GCM_SHA384,
      TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,
      TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,
      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,
      TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,
      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384,
      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,
      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,
      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,
      TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,
      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,
      TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,
      TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,
      TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
      TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
      TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA`
     

  6. Click OK

  7. Close the Group Policy Object Editor and then restart your system.

    Impact of workaround. Windows will fail to connect to systems that do not support any of the ciphers listed in the workaround. To determine which ciphers are available for each cryptographic protocol refer to Cipher Suites in Schannel.

How to undo the workaround. Follow these steps to disable the SSL Cipher Suite Order policy setting:

1. At a command prompt, type gpedit.msc and press Enter to start the Group Policy Object Editor.
2. Expand Computer Configuration, Administrative Templates, Network, and then click SSL Configuration Settings.
3. Under SSL Configuration Settings, double-click SSL Cipher Suite Order.
4. In the SSL Cipher Suite Order window, click Disabled and then click OK.
5. Close the Group Policy Object Editor and then restart your system.

Security Update Deployment

For Security Update Deployment information, see the Microsoft Knowledge Base article referenced in the Executive Summary.

Acknowledgments

Microsoft recognizes the efforts of those in the security community who help us protect customers through coordinated vulnerability disclosure. See Acknowledgments for more information.

Disclaimer

The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

• V1.0 (March 10, 2015): Bulletin published.
• V1.1 (March 24, 2015): Revised bulletin to add an FAQ directing customers to Microsoft Knowledge Base Article 3050509 for instructions on how to disable EXPORT ciphers after installing the update on Windows Server 2003 systems.

Page generated 2015-03-23 16:56Z-07:00.