Microsoft fixed a critical vulnerability Tuesday in the Windows cryptographic library that could expose Windows servers to remote code execution attacks. The update also adds support for stronger and more modern cryptographic ciphers to older Windows versions.
"The vulnerability could allow remote code execution if an attacker sends specially crafted packets to a Windows server," Microsoft's said in a security bulletin called MS14-066. However, the flaw is in the Microsoft Secure Channel (SChannel) component that exists in all Windows versions and implements the SSL and TLS cryptographic protocols.
The Microsoft security bulletin makes it clear that an attacker could exploit the vulnerability to execute arbitrary code on a Windows system running as a server. However, it's not as clear whether a malicious HTTPS website could exploit the vulnerability to execute code on a Windows computer when a user visits the site in Internet Explorer, which relies on SChannel for SSL/TLS connections.
A separate Microsoft blog post about assessing the risk for the November security updates suggests that this might be possible. It contains a table that lists the most likely attack vector for MS14-066 as "user browses to a malicious webpage."
Microsoft did not immediately respond to a request for clarifications.
"The vulnerability bulletin provided calls out servers as the potential victims, but the SSL/TLS stack is used every time your browser connects to a secure website (which most are these days)," said Jared DeMott, a security researcher at Bromium, via email. "And it would be straightforward for an attacker with details of this vulnerability, to host a malicious site that offers 'security' via the bogus SSL/TLS packets. Could a malicious website exploit IE with this bug? Until someone reverse engineers the patch, we'll have to wait to hear about how bad it is."
This critical SChannel flaw comes after serious vulnerabilities were found this year in other widely used SSL/TLS libraries, including OpenSSL, GnuTLS and the TLS library used by Apple in Mac OS X and iOS.
But the update described in MS14-066 doesn't only address a security vulnerability. It also adds support for stronger encryption ciphers on older Windows versions.
"This update includes new TLS cipher suites that offer more robust encryption to protect customer information," the security bulletin says. "These new cipher suites all operate in Galois/counter mode (GCM), and two of them offer perfect forward secrecy (PFS) by using DHE key exchange together with RSA authentication."
In recent years, researchers demonstrated attacks against TLS configurations that use the RC4 stream cipher or block ciphers like AES that operate in cipher-block-chaining (CBC) mode. This leaves ciphers that operate in Galois/Counter Mode (GCM) and that are only available in TLS 1.2 as one of the few fully secure alternatives.
Before this new update, the GCM cipher suites with PFS were previously only available on Windows 8.1 and Windows Server 2012 R2.
"While this enhanced data protection is already included for those running the latest platform, the reality is that many of our customers have not yet upgraded their platforms or are in the process," said Matt Thomlinson, vice president for Microsoft Security, in a blog post. "Through a comprehensive engineering effort and extensive testing, we are now also able to offer best-in-class encryption to our customers running older versions of our platforms."
However, it's not all older versions, but only Windows 7, Windows 8, Windows Server 2008 R2 and Windows Server 2012. Although the MS14-066 security patch (KB2992611) is available for Windows Vista and Windows Server 2003 as well, those platforms were not among those enumerated by Thomlinson as also getting the new ciphers.