Dear Venafi customer,
The Flame malware, which came into public awareness near the end of May 2012, highlights the compromise of certificates signed with the MD5 hash algorithm, which were used to set up man-in-the-middle attacks on Microsoft licensing and update mechanisms. Microsoft has since issued an emergency patch to numerous systems that moves the three fraudulent certificates to the Untrusted Certificates store in an effort to close the door on this attack vector.
While Microsoft has eliminated this specific exposure to fraudulent Microsoft certificates, organizations with MD5-signed certificates on their own networks (internal and external) remain exposed to the same class of MD5 compromise. Professional attackers and insiders can exploit MD5 collision weaknesses to forge certificates and perform similar man-in-the-middle attacks in order to gain access to corporate assets. We have statistically valid samples which demonstrate that virtually all enterprises in the Global 3000 have MD5 certificates pervasively deployed throughout their networks today.
Venafi customers who have deployed Director Certificate Manager and who are running recurring discovery scans on their network will already know the number and location of MD5 certificates on their network today. With that remediation data in hand, we strongly recommend that you remove or replace these vulnerable certificates immediately.
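As an added illustration of what such a discovery check looks for (example code, not Venafi's own): a stdlib-only Python routine that reads the signatureAlgorithm OID from a DER-encoded certificate and flags MD5-based signatures. The two sample certificates are constructed skeletons with a stub tbsCertificate, not real certificates.

```python
# Added example (not Venafi's code): flag DER-encoded X.509 certificates whose
# signatureAlgorithm is MD5-based, using only the Python standard library.
ALGORITHM_OIDS = {
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
}
WEAK = {"md5WithRSAEncryption"}               # what the advisory asks you to find
def _read_tlv(buf, pos):                       # (tag, value, next_pos) at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _decode_oid(raw):
    """Decode OID content bytes into dotted-decimal form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                       # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Dotted OID of Certificate.signatureAlgorithm (the outer field)."""
    tag, cert, _ = _read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, pos = _read_tlv(cert, 0)             # skip tbsCertificate
    _, alg_id, _ = _read_tlv(cert, pos)        # AlgorithmIdentifier
    tag, oid, _ = _read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("expected an OID")
    return _decode_oid(oid)
def is_md5_signed(cert_der):
    return ALGORITHM_OIDS.get(signature_algorithm(cert_der)) in WEAK
def _der(tag, body):                           # tiny encoder for the samples
    if len(body) < 0x80:
        return bytes([tag, len(body)]) + body
    lb = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + body
def _skeleton(oid_hex):                        # constructed sample, not a real cert
    tbs = _der(0x30, _der(0x02, b"\x01"))      # stub tbsCertificate
    alg = _der(0x30, _der(0x06, bytes.fromhex(oid_hex)) + _der(0x05, b""))
    return _der(0x30, tbs + alg + _der(0x03, bytes(129)))   # long-form length
SAMPLE_MD5_CERT = _skeleton("2a864886f70d010104")     # md5WithRSAEncryption
SAMPLE_SHA256_CERT = _skeleton("2a864886f70d01010b")  # sha256WithRSAEncryption
```

For PEM files, strip the BEGIN/END lines and base64-decode before calling signature_algorithm. A full audit should also compare the inner tbsCertificate.signature field, which must match the outer one.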
If you are also managing these certificates and have enabled Provisioning, you can replace the vulnerable certificates automatically using the Provisioning features of Director.
We also recommend that all certificates be put under Director management and that no certificates be issued that do not conform to the policies you have established.
The root cause that lets this increasingly common class of attack on certificates succeed is a lack of management attention to certificate policies and best practices.
As a Venafi customer you have the applications and platforms in place to manage certificates so that you are not exposed to the kind of certificate attack demonstrated by the Flame malware.
We are offering our customers a Rapid Evaluation Service that we can perform with you over the phone in less than one hour. The deliverable will be a report that identifies where your current implementation stands in terms of protecting you from certificate compromise attacks.
Please email [email protected], or call us at 801-676-6900 to request the Rapid Evaluation Service. As always, you can contact your Account Executive, Sales Engineer or Customer Support contact for more information.
The Venafi Rapid Response Team
You can still receive a free assessment of your environment to determine your MD5 risks. Submit the Venafi Assessor™ form and a Venafi representative will contact you to help you with the fast and easy deployment. Assessor is simple to use and will quickly help you:
Suggested News Articles:
View this informative webinar to learn what happened in the Flame cyber espionage attack on Microsoft and how this MD5 risk affects not only Global 2000 organizations but also your own environment.
Venafi Assessor is designed to help organizations develop and maintain best practices for critical security instruments. Using Assessor, IT and information security executives can rapidly discover critical SSL certificate, encryption key and certificate authority (CA) vulnerabilities. In addition to providing a comprehensive inventory of all deployed certificates by issuer, Venafi Assessor delivers a succinct view of all issuing CAs (internal and external), vendor-issued certificates and self-signed certificates.
Venafi is the market leading cybersecurity company in Next-Generation Trust Protection. As a Gartner-recognized Cool Vendor, Venafi delivered the first trust protection platform to secure cryptographic keys and digital certificates that every business and government depend on for secure communications, commerce, computing, and mobility. With little to no visibility into how the tens of thousands of keys and certificates in the average enterprise are used, no ability to enforce policy, and no ability to detect or respond to anomalies and increased threats, organizations that blindly trust keys and certificates are at increased risk of costly attacks, data breaches, audit failures and unplanned outages.
As part of any enterprise infrastructure protection strategy, Venafi Director helps organizations regain control over trust in the cloud, on mobile devices, applications, virtual machines and network devices by protecting Any Key. Any Certificate. Anywhere™. Venafi prevents attacks on trust with automated discovery and intelligent policy enforcement, detects and reports on anomalous activity, and remediates errors and attacks by automatically replacing misconfigured and compromised keys and certificates. Venafi Threat Center provides primary research and threat intelligence for trust-based attacks.
Venafi was selected as a 2013 FiReStarter and a Red Herring Top 100 company, and its customers are among the world’s most demanding, security-conscious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, manufacturing, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.