
Flame Malware Attack Vector – MD5 Certificates

Venafi issues the following Security Rapid Response Bulletin on preventing the MD5 certificate vulnerability exploited by Flame

Salt Lake City, Utah – June 12, 2012

Dear Venafi customer,

The Flame malware, which came to public attention near the end of May 2012, exploited the weakness of MD5-signed certificates: its authors used an MD5 collision to forge a certificate that chained to a trusted Microsoft root, and used that certificate to set up man-in-the-middle attacks on Microsoft licensing and update mechanisms. Microsoft has since issued an emergency update for Windows that moves the three affected Microsoft licensing intermediate certificates to the Untrusted Certificates store, closing this particular attack vector.

Microsoft's update removes trust in those specific Microsoft certificates, but organizations with MD5-signed certificates on their own networks (internal and external) remain exposed to the same class of attack. MD5 is broken against collision attacks: a skilled attacker or insider who can obtain a certificate from a CA that still signs with MD5 can construct a second, forged certificate that carries the very same signature, and any system that still accepts MD5 signatures will trust it, enabling similar man-in-the-middle attacks against corporate assets. Every MD5-signed certificate in your inventory is therefore evidence of an issuing CA that signs with MD5 and of relying parties configured to accept it. We have statistically valid samples which demonstrate that virtually all enterprises in the Global 3000 have MD5 certificates pervasively deployed throughout their networks today.

Venafi customers who have deployed Director Certificate Manager and who run recurring discovery scans on their network already know the number and location of the MD5 certificates on their network today. Using that discovery data, we strongly recommend that you remove or replace these vulnerable certificates immediately.

If you are also managing these certificates and have enabled Provisioning, you can replace the vulnerable certificates automatically using the Provisioning features of Director.

We also recommend that all certificates be put under Director management and that no certificates be issued that do not conform to the policies you have established.

The underlying failure that this increasingly common class of attack on certificates exploits is a lack of management attention to certificate policies and best practices.

As a Venafi customer, you have the applications and platforms in place to manage certificates so that you are not vulnerable to the kind of attack on certificates that the Flame malware demonstrates.

We are offering our customers a Rapid Evaluation Service that we can perform with you over the phone in less than one hour. The deliverable will be a report that identifies where your current implementation stands in terms of protecting you from certificate compromise attacks.

Please email res@venafi.com, or call us at 801-676-6900 to request the Rapid Evaluation Service. As always, you can contact your Account Executive, Sales Engineer or Customer Support contact for more information.

Sincerely,

The Venafi Rapid Response Team


Not a Venafi customer?

You can still receive a free assessment of your environment to determine your MD5 risks. Submit the Venafi Assessor™ form and a Venafi representative will contact you to help you with the fast and easy deployment. Assessor is simple to use and will quickly help you:

  • Learn how many certificates you have and what they are, including self-signed and MD5 certificates
  • See which keys are strong and which are weak or out of compliance
  • Determine which certificate validity periods are creating risk
  • Discover the identity of each certificate’s issuing certificate authority (CA)
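The checks listed above (and the MD5 discovery recommended to Director customers earlier in this bulletin) can be reproduced on any certificate inventory. The following script is an added example, not Venafi code and not part of the Assessor product: a standard-library-only Python reader that pulls the signature algorithm, RSA key size, validity period, issuer and subject out of DER-encoded certificates and flags MD5-signed, weak-key, over-long and self-signed entries. An "MD5 certificate" in practice means a signatureAlgorithm of md5WithRSAEncryption (OID 1.2.840.113549.1.1.4), which is what the reader looks for. The three sample certificates, their hostnames and CA names, the serial number, the five-year validity threshold, the placeholder modulus and the all-zero signature bytes are all constructed for the example so that it runs offline; only their X.509 structure is real.

```python
# Added example (not Venafi code): stdlib-only inventory check for MD5-signed certificates,
# weak RSA keys, long validity and self-signed certs, run over constructed DER samples
# (hypothetical names, placeholder modulus, dummy signature bytes) so it works offline.
import datetime as dt

OID = {  # OBJECT IDENTIFIER contents (DER value bytes) for the fields we read
    "md5WithRSAEncryption": bytes.fromhex("2a864886f70d010104"),     # 1.2.840.113549.1.1.4
    "sha1WithRSAEncryption": bytes.fromhex("2a864886f70d010105"),    # 1.2.840.113549.1.1.5
    "sha256WithRSAEncryption": bytes.fromhex("2a864886f70d01010b"),  # 1.2.840.113549.1.1.11
    "rsaEncryption": bytes.fromhex("2a864886f70d010101"),            # 1.2.840.113549.1.1.1
    "commonName": bytes.fromhex("550403"),                           # 2.5.4.3
}
SIG_NAME = {v: k for k, v in OID.items() if k.endswith("WithRSAEncryption")}
MAX_VALIDITY_DAYS = 5 * 365       # assumed policy threshold, not from the bulletin

def tlv(buf, pos=0):              # one DER TLV at pos -> (tag, value, position after it)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:             # long form: low bits give the byte count of the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(value):              # all TLVs inside a constructed value -> [(tag, value), ...]
    out, pos = [], 0
    while pos < len(value):
        tag, v, pos = tlv(value, pos)
        out.append((tag, v))
    return out

def decode_time(tag, v):          # 0x17 UTCTime (YY...), 0x18 GeneralizedTime (YYYY...)
    return dt.datetime.strptime(v.decode("ascii"), "%y%m%d%H%M%SZ" if tag == 0x17 else "%Y%m%d%H%M%SZ")

def common_name(name_value):      # Name ::= SEQUENCE OF SET OF { type OID, value }
    for _, rdn in children(name_value):
        (_, oid), (_, val) = children(children(rdn)[0][1])
        if oid == OID["commonName"]:
            return val.decode("utf-8")
    return "?"

def inspect_cert(der_cert):
    """Pull the assessment fields out of one DER certificate and flag the risks."""
    tbs, sig_alg = children(tlv(der_cert)[1])[:2]          # tbsCertificate, signatureAlgorithm
    fields = children(tbs[1])
    fields = fields[fields[0][0] == 0xA0:]                 # skip the optional [0] EXPLICIT version
    _serial, _inner_alg, issuer, validity, subject, spki = fields[:6]
    sig_oid = children(sig_alg[1])[0][1]
    sig_name = SIG_NAME.get(sig_oid, "unknown:" + sig_oid.hex())
    (t1, nb), (t2, na) = children(validity[1])
    not_before, not_after = decode_time(t1, nb), decode_time(t2, na)
    spki_alg, spki_key = children(spki[1])
    key_bits = None
    if children(spki_alg[1])[0][1] == OID["rsaEncryption"]:
        rsa_seq = children(spki_key[1][1:])[0][1]          # BIT STRING: skip the unused-bits byte
        key_bits = int.from_bytes(children(rsa_seq)[0][1], "big").bit_length()
    checks = [(sig_name == "md5WithRSAEncryption", "MD5-signed"),
              (key_bits is not None and key_bits < 2048, f"weak RSA key ({key_bits} bits)"),
              ((not_after - not_before).days > MAX_VALIDITY_DAYS, "validity exceeds policy"),
              (issuer[1] == subject[1], "self-signed")]
    return {"subject": common_name(subject[1]), "issuer": common_name(issuer[1]), "signature": sig_name,
            "key_bits": key_bits, "not_after": not_after, "issues": [msg for hit, msg in checks if hit]}

def der(tag, value):              # DER TLV writer (short and long length forms)
    n = len(value)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + value

def enc_int(n):                   # extra leading byte keeps the sign bit clear
    return der(0x02, n.to_bytes((n.bit_length() + 8) // 8, "big"))

def alg_id(oid_name):
    return der(0x30, der(0x06, OID[oid_name]) + b"\x05\x00")

def x509_name(cn):
    return der(0x30, der(0x31, der(0x30, der(0x06, OID["commonName"]) + der(0x0C, cn.encode()))))

def build_cert(subject_cn, issuer_cn, sig_name, key_bits, not_before, years):
    """Structurally valid X.509 v3 certificate with a placeholder key and a dummy signature."""
    utc = lambda d: der(0x17, d.strftime("%y%m%d%H%M%SZ").encode())
    modulus = (1 << (key_bits - 1)) | 1                    # right size, not a real RSA key
    spki = der(0x30, alg_id("rsaEncryption") + der(0x03, b"\x00" + der(0x30, enc_int(modulus) + enc_int(65537))))
    validity = der(0x30, utc(not_before) + utc(not_before.replace(year=not_before.year + years)))
    tbs = der(0x30, der(0xA0, enc_int(2)) + enc_int(4711) + alg_id(sig_name) + x509_name(issuer_cn)
              + validity + x509_name(subject_cn) + spki)
    return der(0x30, tbs + alg_id(sig_name) + der(0x03, b"\x00" * 17))   # 16 dummy signature bytes

SAMPLE_CERTS = {                  # constructed inventory: legacy MD5 cert, compliant cert, self-signed appliance
    "legacy-intranet": build_cert("intranet.example.test", "Corp Legacy CA", "md5WithRSAEncryption", 1024, dt.datetime(2009, 1, 1), 10),
    "www": build_cert("www.example.test", "Corp Issuing CA G2", "sha256WithRSAEncryption", 2048, dt.datetime(2012, 6, 1), 2),
    "appliance": build_cert("appliance.example.test", "appliance.example.test", "sha1WithRSAEncryption", 2048, dt.datetime(2011, 3, 1), 3),
}

def assess(certs=SAMPLE_CERTS):   # inventory label -> findings, so MD5-signed certs can be listed for replacement
    return {label: inspect_cert(c) for label, c in certs.items()}

if __name__ == "__main__":
    for label, r in assess().items():
        print(f"{label:16} {r['signature']:24} {r['key_bits']}-bit  issuer={r['issuer']!r}  "
              f"expires {r['not_after']:%Y-%m-%d}  {', '.join(r['issues']) or 'ok'}")
```

Running it prints one line per sample: the legacy intranet certificate is flagged MD5-signed, with a 1024-bit key and a ten-year validity period, which is exactly the kind of certificate this bulletin asks you to replace; the self-signed appliance certificate is flagged for having no issuing CA at all. To run the reader over your own inventory, pass `inspect_cert` the DER bytes of each certificate (the standard library's `ssl.PEM_cert_to_DER_cert` converts a PEM file), and treat each MD5 finding as pointing at its issuer: the certificate is the symptom, the CA that still signs with MD5 and the relying parties that still accept it are what need to change.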


Learn more about FLAME


Suggested On-demand Webinar

View this webinar to learn what happened in the Flame cyber-espionage attack on Microsoft and how this MD5 risk affects not only Global 2000 organizations but also you.



Venafi Assessor™

Venafi Assessor is designed to help organizations develop and maintain best practices for critical security instruments. Using Assessor, IT and information security executives can rapidly discover critical SSL certificate, encryption key and certificate authority (CA) vulnerabilities. In addition to providing a comprehensive population inventory of all deployed certificates by issuer, Venafi Assessor delivers a succinct view of all issuing CAs (internal and external), vendor-issued certificates and self-signed certificates.


About Venafi

Venafi is the inventor of and market leader in enterprise key and certificate management (EKCM). Venafi delivered the first enterprise-class solution to discover all digital certificates and cryptographic keys within an organization, connect these assets to the people responsible for them, report on and audit their use to prove compliance, enforce policy, and automate operations to eliminate security risks, unplanned outages and compliance failures. Designed specifically for the enterprise, Venafi Director helps organizations regain control over trust in the data center, on desktops and mobile devices, and in the cloud by managing Any Key. Any Certificate. Anywhere™. Venafi also publishes best practices for effective key and certificate management. Venafi customers include the world’s most prestigious Global 2000 organizations in financial services, insurance, high tech, telecommunications, aerospace, healthcare and retail. Venafi is backed by top-tier venture capital funds, including Foundation Capital, Pelion Venture Partners and Origin Partners. For more information, visit www.venafi.com.