Slashdot Mirror


Microsoft Admits XP Has Same Bug As Win2K

Arashtamere sends in a Computerworld story on a security flaw in the Windows 2000 pseudo-random number generator published by Israeli researchers earlier this month. Microsoft has now admitted that the flaw is present in XP too. Microsoft denies that the bug is a security vulnerability, since an attacker would have to have gained administrative access to a system before exploiting it. (The Israeli researchers point out that many common exploits provide admin access.) This stance apparently lets them off the hook for patching Win2K, which is in "extended support" mode, though it powers about 9% of US and EU business computers. Microsoft said that XP SP3, due in the first half of next year, will fix the bug. The company said that Vista, Windows Server 2003 SP2, and the new Windows Server 2008 are not vulnerable.

45 of 161 comments

  1. stupid by Anonymous Coward · · Score: 4, Insightful

    If you already have admin access via another "exploit", why would you bother attacking via the random number generator? Seems like it's a lot of fuss over nothing. Windows has always been vulnerable locally (luckily for admins whose users forget passwords etc), so the most worry is over a remote exploit, which this flaw isn't. But I am sure some million dollar company will sell a solution for this; paranoia is a great sales tool in the murky world of snake oil, cough, I mean computer security.

    1. Re:stupid by smallfries · · Score: 3, Insightful

      It does if the data is accessed during the period that you have admin access. The process using the data has to manipulate the keys at some point, and if you can access their memory space then any security is toast. This is exactly how the DRM for Blu-ray / HD-DVD was cracked.

      This was the point of Palladium, that the keys would be locked up inside a separate box, segregated from the processor. Each process would only manipulate opaque handles to the keys.

      One nice aspect of this attack is that if you gain admin access after key generation, but before the entropy pool is refreshed, then you can play back the state of the random number generator to recreate the keys after the fact. But this just extends the window slightly; you still need an exploit to get admin first.

      --
      Slashdot: where don knuth is an idiot because he cant grasp the awesome power of php
    2. Re:stupid by Anonymous Coward · · Score: 4, Informative

      Because you own a machine _now_ doesn't give you access to the encryption keys that were generated in the past.

      This PRNG vulnerability does just that. Keys derived from it can be recovered by an attacker who compromises the machine _after_ the key was used and discarded.

    3. Re:stupid by lgw · · Score: 2, Informative

      Because you own a machine _now_ doesn't give you access to the encryption keys that were generated in the past.

      Except that it pretty much does for Windows NTFS encryption. Thank you "key recovery account". For that matter, on a Windows machine not in a domain with default settings, you can get the NTFS encryption keys with no accounts at all: just stick the drive in your machine and "recover" the keys with the local admin account. Checkbox feature for the win!

      And if you're using real encryption instead, you're not caring about the Windows RNG I hope.
      --
      Socialism: a lie told by totalitarians and believed by fools.
  2. I have to agree with MS on this one... by Blakey+Rat · · Score: 4, Insightful

    If you have admin access, the battle's already lost. What's the point of running a complex process to obtain their password when you have full access to everything on their computer? Might as well just drop in a keylogger and get the same info much easier.

    1. Re:I have to agree with MS on this one... by xaoslaad · · Score: 4, Insightful

      Granted, I agree with this for the most part. However, it always seems like there is that one person who looks at a problem like this in a way that no one else had prior and manages something completely unexpected. It's only at the point that a virus is running amok across half the corporate networks in the world that we find out you did not really need administrative privileges if you did x, y, z first...

      History is full of examples, probably both within and out of the computing field where people thought that 'that' was impossible...

    2. Re:I have to agree with MS on this one... by abigsmurf · · Score: 5, Funny

      But to say that is to deny our ability to flame MS! Clearly it's an example of MS' incompetence that a random number generator that's 7+ years old has been broken by recent maths and it can be exploited to gain full access when you already have full access!

    3. Re:I have to agree with MS on this one... by John+Betonschaar · · Score: 2, Insightful

      If you have admin access, the battle's already lost. What's the point of running a complex process to obtain their password when you have full access to everything on their computer? Might as well just drop in a keylogger and get the same info much easier.

      Most of the other ways to get to the passwords would leave a detectable trace, especially keyloggers. Or they need a reboot. If you're really after the user passwords, resetting them to something else is also not an option. AFAIK there is no other *easy* way to get a user's password from a locally exploitable Windows box, especially not if you cannot reboot it without being detected.

      So in some cases, where a hacker with local access to a Windows box wants to have a user password without leaving a trace, an attack like this would be interesting.

      I admit it's all a bit hypothetical... Still, it's not very nice to have a possible security hole like this and not patch it.

    4. Re:I have to agree with MS on this one... by joss · · Score: 2, Interesting

      The point is that people often use the same passwords on multiple systems. If you can crack them you can very likely gain access to other systems without having to wait for users to login at a time when you don't know how long you have control of the system.

      --
      http://rareformnewmedia.com/
    5. Re:I have to agree with MS on this one... by Terrasque · · Score: 2, Insightful

      This is how I read it:

      "At the moment we know of no way to abuse this bug without already having obtained Administrative access."

      I will almost bet money that there is a smart bugger out there who finds a way to abuse this.
      That we don't know of a feasible attack right now is no excuse not to fix the bug IMHO.

      --
      It's The Golden Rule: "He who has the gold makes the rules."
    6. Re:I have to agree with MS on this one... by mosch · · Score: 5, Insightful

      If you truly agree with MSFT, then you should quit working in computers right now, for everybody's sake.

      Many corporate computers have local admin accounts that are likely to share a user/password combo across large numbers of machines. A keylogger might not get you these credentials, but the ability to crack these credentials could get you admin access to a huge number of other computers.

      It is people like you who make sure that security consultants will never want for work.

    7. Re:I have to agree with MS on this one... by webmaster404 · · Score: 3, Insightful

      The fact though still remains that Windows is a proprietary, closed-source operating system. If it was open-source much like Linux or BSD, the bug would have been fixed sooner and you could patch your own system; if MS doesn't see it is a security threat it won't get patched. Also, who is to say that crackers haven't found the bug out earlier? If it was Linux, the potential would be very minor for widespread devastation due to differing kernel versions and different patches for different kernel versions. About the only way for a sure-fire attack on the Linux kernel is to attack a distro without any patches, but even the most popular distro still has 3 versions still receiving support (7.10, 7.04 and LTS) (Ubuntu) and that would make an attack very hard if only 2 of the 3 had it and a patch was released quickly. It's the danger of a proprietary operating system: you never know who knows what and even if you will receive a patch. With Linux you can audit the code yourself and rely on the community if you so choose.

      --
      There is no "disagree" moderation, and troll, flamebait and overrated are not valid substitutes
    8. Re:I have to agree with MS on this one... by ScrewMaster · · Score: 3, Funny

      You're wasting your breath having a dialog with someone who refers to two of the major operating systems on the market as "Linuzzz" and "Abbles OS".

      --
      The higher the technology, the sharper that two-edged sword.
    9. Re:I have to agree with MS on this one... by Rogerborg · · Score: 3, Funny

      You have a monitor to turn on? Pwwwp, noob. I don't even have a keyboard; I'm writing this by shorting a PCB with paperclips.

      --
      If you were blocking sigs, you wouldn't have to read this.
    10. Re:I have to agree with MS on this one... by empaler · · Score: 2, Funny

      I believe the words you were looking for are:
      YHBT. YHL. HAND.

    11. Re:I have to agree with MS on this one... by RightSaidFred99 · · Score: 2, Insightful

      Yeah, because Microsoft doesn't know what they're talking about. This is a PRNG flaw, it doesn't help you "get credentials" in terms of getting Windows logins/passwords. For Christ's sake. Once you have access to the machine, you can theoretically access any encrypted data on the machine because you can get the session keys for e.g. SSL sessions. But, of course, since you already have admin access you could do this any of various other ways anyway.

    12. Re:I have to agree with MS on this one... by El+Lobo · · Score: 3, Insightful

      Hmm... so if somebody writes M$ that makes him obviously a troll? OK, so 5/6 of the posts here are trolls then if you are right.

      --
      It's time to realise that Abble's products are the biggest abomination these days. Just say NO to the dumb iAbble way!!
    13. Re:I have to agree with MS on this one... by Ash+Vince · · Score: 2, Insightful

      I know twitter/erris posts regularly but not that often. What the hell has that got to do with anything?

      Plenty of people call microsoft M$. Personally I prefer calling them MicroShite but that is my preference.

      Twitter also occasionally makes some valid points in some of his posts but who cares about facts when you can just slag someone off without taking the time to exercise your brain.

      I am not saying that Linux is perfect, it pisses me off just as regularly as Windows does, but at least with Linux I can do something about it like commit a patch. With Windows I might as well just lump it as there is nothing I can do to help remedy the situation.

      This is what a lot of Windows and Apple fan boys miss. Linux does not annoy as many coders, as we feel we can remedy the things about said OS that annoy us, whereas with Windows there is the feeling of complete powerlessness to fix problems even if you can isolate exactly what causes them. For anyone who programs computers, relies on them to work and encounters the same bug regularly this becomes tremendously frustrating as it prevents true self-reliance.

      To come up with a car analogy it is like having to pay for a cab regularly because your car is constantly in the auto shop getting repaired for an issue you could fix if only it would not void your warranty.
      --
      I dont read /. to RTFA, I read /. to offend people in ignorance.
    14. Re:I have to agree with MS on this one... by Legume · · Score: 2, Insightful

      Hmm... so if somebody writes M$ that makes him obviously a troll?

      Yes.

      OK, so 5/6 of the posts here are trolls then if you are right.

      Yes.

      Terms like M$, Linuzzz etc. amount to petty, schoolyard name-calling. Useful dialog is only diminished by them.
  3. At last... by EsbenMoseHansen · · Score: 5, Funny

    A reason to upgrade to Vista! ;)

    --
    Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.
    1. Re:At last... by Anonymous Coward · · Score: 2, Funny

      Yes sir, Vista it is. Then Windows 7 will fix Vista security ... we should wait for Windows 7 or better Windows 8 ... Right?

    2. Re:At last... by rapidweather · · Score: 2, Funny

      And, no "upgrade" is really necessary, Vista comes preinstalled on all new PC's!
      At the cost of "upgrading" your old PC, you can get a new box with much more power than you need!
      (now, where is that Open SuSE installation CD...)
      Got to hand it to those Novell people, that's a nice OS!
      Anyone here manage to get Vista and Open SuSE to "dual boot", and if so, any issues?

  4. The paper referred to. by leuk_he · · Score: 4, Insightful

    This article refers to this summary of this paper

    I fail to see why you would need administrative privileges however. You would only need to run in the userspace of the process that did run the random number generator before. Having administrative privs would be nice to inject code into that userspace, but is not needed I think.

    It can get even worse if from a public key part the random number that was used to generate it can be extracted, which was done in early SSL implementation attacks.

    1. Re:The paper referred to. by MoogMan · · Score: 3, Insightful

      As the winsock TCP/IP stack randomises its TCP sequence numbers, I would suggest that it's very likely that it uses a PRNG output directly, and therefore is at risk of being spoofable.

      Theoretically, one would need knowledge of just one TCP sequence number, and then it could generate the future sequence numbers coming out of the box. Therefore one would be able to hijack TCP/IP sessions *much* faster and easier than before.

      Anyone know to the contrary?

  5. Article by cbart387 · · Score: 5, Interesting

    Here is the original article on the ACM.

    Very brief summary of article
    Each process has its own instance of the generator, and the refresh of the internal state is done after 128 kbs of output from the generator (roughly 600-1200 SSL connections with IE). Not only that, it is run in the userspace so it is not a security violation to examine the internal state of the generator. The function used is not one-way, which provides a means of looking at past transactions of a user (within the 128 kbs of data).

    --
    Lack of planning on your part does not constitute an emergency on mine.
  6. Naw. You just have to take a different approach. by khasim · · Score: 3, Insightful

    Microsoft claims this is not a "security vulnerability" because the machine has to already have been cracked to exploit it.

    That is not 100% correct.

    It is still a "security vulnerability".

    It just cannot be exploited to increase your access on that machine.

    That we know of. Today. So the code still needs to be patched. Security is not an "either / or" situation. You have to reduce the effectiveness of threats.

  7. Open crypto algorithms; no fix for Win2K by compumike · · Score: 5, Insightful

    While in general I think open-source and closed-source software can coexist, I think this is a pretty good example of why anything related to crypto should be open. All of public key cryptography relies on the secrecy of private keys, not on the secrecy of the algorithm itself. And while they might have faithfully implemented the algorithm, who knows what kinds of arguments/whatever to the crypto functions might cause undesired results -- it's just too hard to test.

    In any case, the thing that surprised me most from the article was that Windows 2000 users would be left out in the cold: "Because the company has determined that the PRNG problem is not a security vulnerability, it is unlikely to provide a patch [for Win2K]." Wow. Especially when it's something this easy to fix. This bug also solves any attacker's problem of trying to sort valuable from non-valuable information, since presumably any valuable information (credit cards used online, etc) will use encryption. And while someone suggested that a program should use its own random number generator, there is a problem because, in general, your application (not running as Admin) shouldn't have access to nearly the same amount of entropy sources (like network activity, GUI inputs, etc).

    --
    Educational microcontroller kits for the digital generation -- great gift!

    1. Re:Open crypto algorithms; no fix for Win2K by guy-in-corner · · Score: 2, Informative

      Especially when it's something this easy to fix.

      It might be easy to code the fix, but it's (at least) an order of magnitude more work to actually test it. Windows supports thousands of different hardware configurations, in hundreds of different languages.

      Yeah, Microsoft could release this as a hotfix. For any customer that screams loud enough (and pays enough), they may well do.

      To be honest, I'd rather see Microsoft focus their efforts on XP SP3, Vista SP1 and 2008 RTM (2003 SP2 only just came out, so I'll let that slide). I can't say that I'm fussed about seeing Windows 2000 SP5, and I'm sure that the vast majority of Microsoft's customers aren't either.

      On a personal note, I'm fed up with supporting Windows 2000 (it's 7 years old, for FSM's sake!), so I've gotta come down on Microsoft's side on this one.

    2. Re:Open crypto algorithms; no fix for Win2K by lgw · · Score: 2, Insightful

      Does 7 years sound like a long time for a computer product to be in service to you? What platform do you work with again?

      --
      Socialism: a lie told by totalitarians and believed by fools.
    3. Re:Open crypto algorithms; no fix for Win2K by TheAwfulTruth · · Score: 2, Insightful

      Exactly how many Linux distributers support 7 year old versions of their OS?!?!?

      (Well MAYBE Debian...)

      Most of them crap out after 12 months!

      --
      Contrary to popular belief, coding is not all free blow-jobs and beer. Those things cost MONEY!
    4. Re:Open crypto algorithms; no fix for Win2K by owlstead · · Score: 2

      "It might be easy to code the fix, but it's (at least) an order of magnitude more work to actually test it."

      Well, that depends. They already have the code and it is not that the API needs too much testing I suppose. I mean, getRandomXxx() with some 4 different strings for Xxx should be enough. Feed the output into a FIPS random number testing tool (for testing weirdness, I mean the code has already been tested in other configurations) and go.

      Sure it is a bit of work, but the test code should be available already as well. It's not like there have been too many system changes between 2003 and XP afaik.

  8. Re:I Post Anonymously by cloakable · · Score: 3, Insightful

    It's flamebait because the GP didn't have to call people retarded, in order to get his or her point across.

    They also could have worded this a lot more diplomatically than they did. So yes, the GP is flamebait.

    --
    No tyrant thrives when every subject says no.
  9. Re:Naw. You just have to take a different approach by UncleTogie · · Score: 3, Interesting

    Microsoft claims this is not a "security vulnerability"...

    Thanks for the flashback to l0pht's old page....! For those who don't remember it before it got rolled into @stake:

    "'That vulnerability is entirely theoretical.'-- Microsoft;
    L0pht, making the theoretical practical since 1992."
    --
    Don't tell me to get a life. I'm a gamer; I have LOTS of lives!
  10. Re:I Post Anonymously by cloakable · · Score: 2

    Possibly. What would be better still is to show, provably that those he was calling morons/idiots, were indeed morons/idiots. As it is, he just insulted all slashdotters (including me, obviously), many of whom are not either.

    --
    No tyrant thrives when every subject says no.
  11. One of many ... by ScrewMaster · · Score: 2, Funny

    Microsoft Admits XP Has Same Bug As Win2K

    More correctly, "Microsoft Admits XP has same bugs as Win2K."

    --
    The higher the technology, the sharper that two-edged sword.
  12. No hotfix ? by Anonymous Coward · · Score: 3, Interesting

    >Microsoft said that XP SP3, due in the first half of next year, will fix the bug.

    It should be an offence to know and state you know about a bug but sit on the fix for months. This is a really stupid MS position and will push people more towards alternatives like GNU/Linux.
    It should be a hot fix right now.

  13. Meanwhile, in the *nix by DrYak · · Score: 3, Informative

    Meanwhile, free/libre open-source unices like Linux and *BSD have been having a sound random generator that doesn't suck too much for, like, ages...

    No, sorry, you can keep Vista for yourself.

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
    1. Re:Meanwhile, in the *nix by Anonymous Coward · · Score: 2, Informative

      The Linux RNG was vulnerable in the past too. What was your point?

    2. Re:Meanwhile, in the *nix by trifish · · Score: 2, Informative

      Yes, the Linux random number generator was vulnerable in the past too. See e.g. http://eprint.iacr.org/2006/086.pdf

  14. Re:Naw. You just have to take a different approach by fatphil · · Score: 2, Informative

    One concrete weakness of this attack is that it permits you to reverse-engineer "secure" sessions _before_ you got admin privilege, as the random number generator can be 'rewound'.

    So-called forward security (yes, looking at things in the past is 'forward' :-) ) is an important trait, and MS's scheme is missing it.

    --
    Also FatPhil on SoylentNews, id 863
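    The "play back the state" observation in smallfries's reply, cbart387's summary (a non-one-way state function, refreshed only every 128 KB of output) and the missing forward security fatphil describes all come down to one property, illustrated here with an added toy example that is not the Windows algorithm and not code from anyone in this thread: a 64-bit LCG with an invertible state update (constructed constants) stands in for the flawed generator, a hash-chained generator shows the forward-secure alternative, and `refresh()` models the periodic entropy mix that bounds how far back a captured state can be rewound.

```python
import hashlib

# Toy model of the flaw discussed above: when the state update is a bijection,
# anyone who reads the current state can run it backwards and reproduce
# earlier outputs, until an entropy refresh breaks the chain.
# Constructed 64-bit LCG constants; this is NOT the Windows generator.
M = 1 << 64
A = 6364136223846793005   # odd multiplier, so the update is a bijection mod 2**64
C = 1442695040888963407
A_INV = pow(A, -1, M)     # modular inverse of A (Python 3.8+)


class InvertibleGen:
    """State update s' = A*s + C mod 2**64: every previous state is recoverable."""

    def __init__(self, seed):
        self.state = seed % M

    def next_output(self):
        self.state = (A * self.state + C) % M
        return self.state >> 32          # top 32 bits of the new state

    def refresh(self, entropy):
        # Stands in for the periodic pool refresh (the paper's 128 KB interval
        # is modelled as an explicit call). Mixing in bits the attacker never
        # saw is what stops the rewind from reaching further back.
        mix = int.from_bytes(hashlib.sha256(entropy).digest()[:8], "big")
        self.state ^= mix


def rewind_state(state, steps):
    """Invert the update: s = (s' - C) * A^-1 mod 2**64, `steps` times."""
    for _ in range(steps):
        state = ((state - C) * A_INV) % M
    return state


def recover_past_outputs(captured_state, count):
    """From a captured state, reproduce the last `count` outputs, oldest first."""
    outs, s = [], captured_state
    for _ in range(count):
        outs.append(s >> 32)
        s = rewind_state(s, 1)
    return outs[::-1]


class ForwardSecureGen:
    """The property fatphil names: after each output the state is replaced by a
    one-way hash of itself, so a captured state says nothing about earlier ones."""

    def __init__(self, seed):
        self.state = hashlib.sha256(b"seed|" + seed).digest()

    def next_output(self):
        out = hashlib.sha256(b"out|" + self.state).digest()[:4]
        self.state = hashlib.sha256(b"next|" + self.state).digest()  # old state erased
        return int.from_bytes(out, "big")


def demo():
    """Returns (rewind_recovers_keys, refresh_stops_rewind) for the toy LCG."""
    gen = InvertibleGen(0x12345678)
    session_keys = [gen.next_output() for _ in range(8)]   # drawn before compromise
    recovered = recover_past_outputs(gen.state, 8)          # state read afterwards
    rewind_recovers_keys = recovered == session_keys
    gen.refresh(b"constructed fresh entropy")               # pool refresh happens
    later = [gen.next_output() for _ in range(3)]
    rec = recover_past_outputs(gen.state, 11)
    # Outputs after the refresh still rewind; the ones before it do not.
    refresh_stops_rewind = rec[-3:] == later and rec[:8] != session_keys
    return rewind_recovers_keys, refresh_stops_rewind


if __name__ == "__main__":
    print(demo())   # (True, True)
```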
  15. This is Why Open Source is Good. by Stephen+Samuel · · Score: 4, Insightful
    If this bug was in RedHat 5.2, there would be no issue about getting this critical bug fixed. If nothing else, I could just fix it myself -- and put the necessary patches to the source packages on my website.

    No worries about whether or not it's even legal to fix a machine that I'm using to run my business.

    --
    Free Software: Like love, it grows best when given away.
  16. Re:I Post Anonymously by cloakable · · Score: 2

    Hell no, but the onus of proof is not on me :) I'm not the one accusing.

    --
    No tyrant thrives when every subject says no.
  17. Re:Maybe the best solution is your own RNG? by ajs318 · · Score: 2, Informative

    And your "random"-number generator, unless based on a proven algorithm, might well have vulnerabilities of its own to worry about. If you keep the source code secret, no serious security person is going to touch it with a barge pole; and if you show the source code, then your extra layer is largely irrelevant since the sequence only depends on a seed supplied by Microsoft's PRNG.

    The nub of the problem is that a deterministic state machine can never produce random behaviour. The long term solution would be an entropy generator on the motherboard. (Actually, many machines have one already: a sound card with an unconnected high-impedance input picking up static is a good entropy source.)

    --
    Je fume. Tu fumes. Nous fûmes!
  18. You use the same password on other machines by goombah99 · · Score: 2, Insightful

    Knowing someone's password can be handy. Most folks use the same password on multiple machines or entire networks. Moreover they seldom change them.

    --
    Some drink at the fountain of knowledge. Others just gargle.
  19. It's not about hard disk encryption by Schraegstrichpunkt · · Score: 2, Informative

    CryptGenRandom is supposed to be the Windows equivalent of /dev/urandom. Except it's not, because of this design flaw. The implications of this extend far beyond encrypted NTFS volumes.

    For example, an attacker can passively monitor a network of Windows machines, wait for one of them to do something interesting (like connect via SSL to www.paypal.com), then actively compromise those selected machines later, and gain enough information to decrypt the captured SSL sessions.

    Basically, if you encrypt something sensitive, before some spyware gets installed on your Windows machine---or after it's removed---the random data used for the encryption (including stuff like SSH session keys) is likely to be compromised (except perhaps in cases where you've rebooted or restarted the requisite processes in the meantime).

    Do not underestimate the severity of this bug.