While yesterday was Patch Tuesday, Microsoft didn’t just release fixes for security vulnerabilities. It also announced moves to improve the cryptographic integrity of Windows as a platform.
First, Microsoft officially began discontinuing the use of the RC4 cipher. With the introduction of Windows 8.1 and Internet Explorer 11, MS products now default to TLS 1.2 and support for the RC4 cipher has been dropped.
The use of RC4 has been a bit controversial as it has many known weaknesses and calls for its retirement have been discussed for some time.
The problem is that stream ciphers like RC4 were one of the primary defenses many websites relied on against the infamous BEAST and Lucky Thirteen attacks.
Fortunately TLS 1.2 and AES-GCM are not vulnerable to these attacks and can now officially be considered mainstream.
Not running Windows 8.1 with Internet Explorer 11? Google Chrome, Firefox, Safari and Opera also support TLS 1.2.
Microsoft also provides a mechanism to disable the use of RC4 in Windows 7, 8, RT, Server 2008 R2 and Server 2012.
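The mechanism in question is a set of Schannel registry keys. The following is an added example, not code from the article or from Microsoft's advisory: it creates the RC4 cipher subkeys under SCHANNEL\Ciphers, sets their Enabled value to 0, and then reports the state of each key. It assumes the three subkey names Schannel uses for its RC4 variants (RC4 128/128, RC4 56/128, RC4 40/128); a key or value that is simply absent leaves Schannel's default in force, which means RC4 is still allowed.

```powershell
# Added example; not code from the article or from Microsoft's advisory.
# Disables the RC4 cipher suites in Schannel by creating the RC4 subkeys under
# SCHANNEL\Ciphers and setting Enabled = 0 (DWORD), then reports the result.
# Run from an elevated prompt; Schannel reads these keys at boot, so reboot afterwards.

$ciphersPath = 'SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers'
# Subkey names Schannel uses for its RC4 variants (assumed, see lead-in).
$rc4Keys = @('RC4 128/128', 'RC4 56/128', 'RC4 40/128')

function Disable-Rc4 {
    # The PowerShell registry provider treats the '/' in these names as a path
    # separator, so use the .NET registry API rather than New-Item / Set-ItemProperty.
    $parent = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($ciphersPath, $true)
    if (-not $parent) { throw "Ciphers key not found under SCHANNEL" }
    try {
        foreach ($name in $rc4Keys) {
            $key = $parent.CreateSubKey($name)
            $key.SetValue('Enabled', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
            $key.Close()
        }
    } finally { $parent.Close() }
}

function Get-Rc4Status {
    $parent = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($ciphersPath)
    foreach ($name in $rc4Keys) {
        $key = if ($parent) { $parent.OpenSubKey($name) } else { $null }
        $enabled = if ($key) { $key.GetValue('Enabled') } else { $null }
        if ($key) { $key.Close() }
        # An absent key or value leaves Schannel's default in force, i.e. RC4 still enabled.
        [pscustomobject]@{
            Cipher  = $name
            Enabled = $enabled
            State   = if ($enabled -eq 0) { 'disabled' } else { 'enabled (default)' }
        }
    }
    if ($parent) { $parent.Close() }
}

Get-Rc4Status | Format-Table -AutoSize   # before: typically 'enabled (default)'
Disable-Rc4
Get-Rc4Status | Format-Table -AutoSize   # after: all three rows read 'disabled'
```

Get-Rc4Status is the useful half for an audit: run it alone on a fleet to see which machines still have RC4 enabled before changing anything.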
With Microsoft on board, hopefully we can bid goodbye to old versions of SSL and TLS for good.
Microsoft’s second announcement was that beginning on January 1, 2016 Windows will no longer support the use of X.509 certificates issued using the SHA-1 hashing algorithm for SSL and software code signing.
This is a welcome proactive move by Microsoft after having been burned when MD5 certificates were abused through a collision in the Flame malware last year.
MD5 was considered weak for many years, but still supported by Windows because many certificate authorities were lax in updating and still issuing valid MD5 certificates long after they should have.
Microsoft seems to realize its job is to use its dominant market presence to lead, not follow. While SHA-1 is significantly stronger than MD5 was when it was dropped, Microsoft is dropping support before it is abused.
Be sure your certificates are using SHA-2 from here forward and when you renew your certificates make sure your Certificate Authority isn’t setting you up to fail in January 2016.
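A way to check for certificates that will trip over that deadline, as an added example not taken from the article: it lists certificates in a Windows certificate store whose signature algorithm is SHA-1 and whose validity runs past January 1, 2016, and performs the same check on the leaf certificate a TLS server presents. The store path and host name are placeholders.

```powershell
# Added example; not from the article. Flags certificates signed with SHA-1 whose
# validity extends past Microsoft's 2016-01-01 cutoff, both in a local store and
# on a remote TLS endpoint. Store path and host name below are placeholders.

$cutoff = Get-Date '2016-01-01'

function Test-Sha1PastCutoff {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # FriendlyName is e.g. 'sha1RSA' or 'sha256RSA'; the prefix names the hash.
    ($Cert.SignatureAlgorithm.FriendlyName -match '^sha1') -and ($Cert.NotAfter -gt $cutoff)
}

function Get-Sha1StoreCertificates {
    param([string]$StorePath = 'Cert:\LocalMachine\My')
    Get-ChildItem -Path $StorePath |
        Where-Object { Test-Sha1PastCutoff $_ } |
        Select-Object Subject, Issuer, NotAfter,
            @{ Name = 'SignatureAlgorithm'; Expression = { $_.SignatureAlgorithm.FriendlyName } },
            Thumbprint
}

function Get-RemoteLeafCertificate {
    param([string]$HostName, [int]$Port = 443)
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept any chain result in the callback: the goal is to inspect the leaf,
        # not to decide whether to trust it.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $ssl.Close()
        [pscustomobject]@{
            Host               = $HostName
            Subject            = $cert.Subject
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            NotAfter           = $cert.NotAfter
            BreaksIn2016       = Test-Sha1PastCutoff $cert
        }
    } finally { $client.Close() }
}

Get-Sha1StoreCertificates | Format-Table -AutoSize
Get-RemoteLeafCertificate -HostName 'www.example.com'   # placeholder host
```

Anything that comes back with BreaksIn2016 set to True needs to be reissued with a SHA-2 signature before the cutoff, or renewed now for a term that ends before it.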
Update KB2868725 was the only important update to fail in the current batch on my machine.
Does this indicate that my machine has already been compromised?
No, I imagine it just means the update failed. Not sure why. Wait a week and try again.
Having checked the relevant registry keys as advised by Microsoft’s security advisory for disabling RC4, I find they are empty, as noted in the advisory for restricting the use of Schannel.dll.
So I guess I’m already safe, huh?
I work with certificates a bit. I’ve never seen one signed using SHA2. Figuring Microsoft would lead by example, I checked out the CERT for hotmail.com. Even though it was just issued this year in May, and it’s good until well into year 2015, it says:
Signature Algorithm: sha1WithRSAEncryption
And does this restriction also mean that root CA certificates, many of which expire far, far into the future, will also fail to pass muster because they probably all still use an SHA1 signature?
This is probably a good, proactive move on Microsoft’s part, but I have a feeling many sites will be caught off-guard by this. One small example: it is possible to buy three-year certificates at many CAs, which puts you solidly into the year 2016. See?