Protocol vs Implementation. Why MS14-066 and SChannel got my goat
This Patch Tuesday (yesterday 11/11/14), Microsoft released a bunch of advisories and patches for a number of issues in a variety of their products, nothing new here so far. However, one of them stood out: MS14-066.
You can read the bulletin here https://technet.microsoft.com/library/security/MS14-066, and the corresponding knowledge base article is here https://support.microsoft.com/kb/2992611.The reason for its critical rating is that it allows remote code execution in the crypto implementation for nearly all Microsoft products.
So far so good, right? The problem has been identified and an update is available…
Well No actually, not good, at all.
What everyone seems to have failed to point out is that this is resolutely not a protocol specification problem, Microsoft haven’t neglectfully specified poor crypto in their products. It is an implementation problem, and a deep rooted one. It goes to the core of how Microsoft have implemented the protocol suites in their SChannel crypto framework.
This is important because, in general, users can’t tell the difference between protocol and implementation. It’s sometimes a struggle to get vendors to implement strong crypto in their products. Any lack of understanding in how something is implemented compared to how it is specified compounds the problem.
I’m not saying that the protocol is perfect, and I’d almost bet the house on the fact that something will crop up with the current, most secure cryptographic protocols such as TLSv1.2 in the future.
Take a look at the following link on SecurityFocus by Wietse Venema for an example of how a cryptographic protocol is broken:
…and more information here:
Sometimes users’ faith in security is knocked, and issues like this don’t do anything to help fix that. I’ve made it my job to see that users are educated and have the facts that they need as opposed to the fluff that they don’t.