Microsoft Security Advisory (961509)

Purpose of Advisory: To assist customers in assessing the impact of this research announcement on their current certificate deployments.

Advisory Status: Issue Confirmed. No Security Update Planned.

Recommendation: Review the suggested actions and configure as appropriate.

This advisory discusses the following software.

What is the scope of the advisory?
This advisory aims to assist consumers in assessing the risk of certain applications using X.509 digital certificates and to recommend that administrators and certificate authorities cease using MD5 as an algorithm to sign digital certificates.

Is this a security vulnerability that requires Microsoft to issue a security update?
No. Technologies that use a signing mechanism other than MD5 have been available for some time, and the use of MD5 as a hashing algorithm for signing purposes has been discouraged and is no longer a best practice. Microsoft will however evaluate any opportunities to strengthen technologies to detect fraudulent certificates. Although this is not a vulnerability in a Microsoft product, Microsoft is issuing this advisory to help clarify the actual risk involved to customers.

What causes this threat?
The root cause of the problem is a known weakness of the MD5 algorithm which exposes it to collision attacks. Such attacks would allow an attacker to generate additional certificates that have the same digital signature as an original. These issues are well understood and the use of MD5 for specific purposes that require resistance against these attacks has been discouraged. However, these attacks have up until recently been considered difficult to implement. Recent research has now proven that collision attacks are feasible. At Microsoft, the Security Development Lifecycle has required Microsoft to no longer use the MD5 algorithm as a default in Microsoft software.

What might an attacker use this function to do?
An attacker could apply these attacks to fraudulently appear to a user as a legitimate, signed Web site or to send fraudulently signed e-mail. However, the techniques to perform these attacks and the underlying cryptography that facilitate them were not released by the researchers. Attacks would be very unlikely to be implemented at this point in time.

• Review the Microsoft Knowledge Base Article that is associated with this advisory

  Customers who are interested in learning more about the topic covered in this advisory should review Microsoft Knowledge Base Article 961509.

• Keep Windows Updated

  All Windows users should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Windows Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have Automatic Updates enabled, the updates are delivered to you when they are released, but you have to make sure you install them.

• Do not sign digital certificates with MD5

  Certificate Authorities should no longer sign newly generated certificates using the MD5 algorithm, as it is known to be prone to collision attacks. Several alternative and more secure technologies are available, including SHA-1, SHA-256, SHA-384 or SHA-512.

  Impact of action: Older hardware-based solutions may require upgrading to support these newer technologies.