The Flame malware, which came into public awareness near the end of May 2012, highlights the compromise of MD5-hashed certificates used to set up man-in-the-middle attacks on Microsoft licensing and update mechanisms. Microsoft has since issued an emergency patch to numerous systems that moves the three fraudulent certificates to the untrusted store in an effort to close the door on the attack vector.
While Microsoft has eliminated this specific vulnerability to fraudulent Microsoft certificates, organizations with instances of MD5 certificates on their own networks (internal and external) remain exposed to the risk of MD5 compromise. Professional hackers and insiders can exploit MD5 vulnerabilities to spoof certificates and perform similar man-in-the-middle attacks in order to gain access to corporate assets. We have statistically valid samples which demonstrate that virtually all enterprises in the Global 3000 have MD5 certificates pervasively deployed throughout their networks today.
Venafi customers who have deployed Director Certificate Manager and who are running repetitive discoveries on their network will know the number and location of MD5 certificates on their network today. With that remediation data, we strongly recommend that you remove or replace these vulnerable certificates immediately.
If you are also managing the certificates and have enabled Provisioning, you can automatically replace the vulnerable certificates using the Provisioning features of Director.
We also recommend that all certificates be put under Director management and that no certificates be issued that do not conform to the policies you have established.
The major failure mode of this increasingly common attack on certificates is a lack of management attention to the policies and best practices.
As a Venafi customer, you have the applications and platforms in place to manage certificates so that you are not vulnerable to attacks on certificates such as the one evidenced by the Flame malware.
We are offering our customers a Rapid Evaluation Service that we can perform with you over the phone in less than one hour. The deliverable will be a report that identifies where your current implementation stands in terms of protecting you from certificate compromise attacks.
Please email [email protected], or call us at 801-676-6900 to request the Rapid Evaluation Service. As always, you can contact your Account Executive, Sales Engineer or Customer Support contact for more information.
The Venafi Rapid Response Team
Not a Venafi customer?
Join your peers and request your Enterprise Security Vulnerability Profile. See if you are as surprised by your results as other organizations have been. The Enterprise Security Vulnerability Profile is an external network scan which requires no inside access to create. External analysis can be used on its own or to infer inside network conditions.
Your Enterprise Security Vulnerability Profile will include:
View this informative webinar to learn what happened with the Flame cyber espionage attack on Microsoft and how this new MD5 risk affects not only Global 2000 organizations, but also how it impacts you.