Microsoft has issued a security advisory on the long-standing SSL/TLS vulnerability for which two security researchers have discovered an exploit that takes advantage of the most widely used encryption protocols.
The exploit, dubbed "BEAST" (Browser Exploit Against SSL/TLS), debuted at the Ekoparty security conference in Buenos Aires, Argentina.
The exploit, if employed by criminal hackers, could leave highly sensitive financial, online banking, and ecommerce transaction data exposed to interception and harvesting, according to the researchers.
"In the advisory, it is mentioned that the vulnerability could allow the attacker to decrypt the SSL 3.0/TLS 1.0 encrypted traffic. While the affected component is a Windows component, the primary vector is to attack the browser’s use of the HTTPS protocol to intercept sensitive information, such as the session cookie of the HTTPS session," according to a Microsoft blog post.
Microsoft has identified the following about the vulnerability:
Based on our current investigation, the following are mitigating factors that would make any potential attack via currently known exploit vectors difficult or impossible:
- The HTTPS session must be actively attacked by a man-in-the-middle; simply observing the encrypted traffic is not sufficient.
- The malicious code the attacker uses to decrypt the HTTPS traffic must be injected and run within the user’s browser session.
- The attacker’s malicious code needs to be treated as from the same origin as the HTTPS server in order for it to be allowed to piggyback on an existing HTTPS connection. Most likely it requires the attacker to exploit another vulnerability to bypass the browser’s same origin policy.
Therefore, if the user closes all existing HTTP tabs and untrusted HTTPS tabs, then browses to the trusted HTTPS site, such as the log-in page of hotmail.com in a new browser session, and logs out of that HTTPS session before browsing any other HTTP sites or untrusted HTTPS sites, the user will NOT be at risk for this attack...
Newer versions of the SSL/TLS protocols are not susceptible to the exploit, though they are not as widely distributed as the current version, which remains vulnerable. Given that the exploit has not turned up in the wild, experts believe there is little to no danger of widespread data loss occurring prior to vulnerability patches being issued to mitigate the problem.
Microsoft recommends the following workaround:
One workaround we would encourage the web server administrators to do is to give a higher priority for the RC4 Cipher Suite than CBC since the attack only affects cipher suites that use CBC. By giving a higher priority for RC4 on the server, RC4 instead of CBC will be used in the security communication since all of Windows clients support RC4, unless put in FIPS compliant configuration. Please refer to this MSDN article to learn how to perform this operation via group policy. It is an effective option for web server administrators using Windows Vista or Windows Server 2008 and later platforms. We recommend putting TLS_RSA_WITH_RC4_128_SHA at the top of the priority list...
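The workaround above can be checked mechanically before a policy change is rolled out. The following is an added example, not code from Microsoft or from the original article: it audits a cipher suite priority list for CBC suites that outrank RC4 and produces the reordered list. It assumes the priority list is a single comma-separated string of suite names; the sample list and all function names are constructed for illustration.

```python
# Added example: audit a server's cipher suite priority list against the
# advisory's workaround (RC4 ranked ahead of CBC). Function names are
# hypothetical; SAMPLE is a constructed list, not taken from a real server.

PREFERRED_TOP = "TLS_RSA_WITH_RC4_128_SHA"  # suite the advisory recommends first

SAMPLE = ("TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,"
          "TLS_RSA_WITH_RC4_128_SHA,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,"
          "TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_3DES_EDE_CBC_SHA")


def classify(suite):
    """Classify a suite by the tokens in its name: 'rc4', 'cbc' or 'other'."""
    parts = suite.upper().split("_")
    if "RC4" in parts:
        return "rc4"
    if "CBC" in parts:
        return "cbc"
    return "other"


def parse_order(policy_value):
    """Split the comma-separated string, dropping blanks and duplicates."""
    seen, order = set(), []
    for name in (s.strip() for s in policy_value.split(",")):
        if name and name not in seen:
            seen.add(name)
            order.append(name)
    return order


def cbc_before_rc4(order):
    """CBC suites that outrank the first RC4 suite (every CBC suite if no RC4)."""
    first_rc4 = next((i for i, s in enumerate(order) if classify(s) == "rc4"),
                     len(order))
    return [s for s in order[:first_rc4] if classify(s) == "cbc"]


def apply_workaround(order):
    """Stable reorder: PREFERRED_TOP, then other RC4 suites, then the rest.
    Not applicable to FIPS-compliant configurations, where RC4 is unavailable."""
    rc4 = [s for s in order if classify(s) == "rc4" and s != PREFERRED_TOP]
    rest = [s for s in order if classify(s) != "rc4"]
    return [PREFERRED_TOP] + rc4 + rest


if __name__ == "__main__":
    current = parse_order(SAMPLE)
    print("CBC suites ranked above RC4:", cbc_before_rc4(current))
    print("Reordered list:", ",".join(apply_workaround(current)))
```

RC4 was later prohibited for TLS by RFC 7465, so this ordering applies only to the interim workaround described in the advisory.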