Microsoft is aware of a security feature bypass vulnerability in Secure Channel (Schannel) that affects all supported releases of Microsoft Windows. Our investigation has verified that the vulnerability could allow an attacker to force the downgrading of the cipher suites used in an SSL/TLS connection on a Windows client system. The vulnerability facilitates exploitation of the publicly disclosed FREAK technique, which is an industry-wide issue that is not specific to Windows operating systems. When this security advisory was originally released, Microsoft had not received any information to indicate that this issue had been publicly used to attack customers.

We are actively working with partners in our Microsoft Active Protections Program (MAPP) to provide information that they can use to provide broader protections to customers.

Upon completion of this investigation, Microsoft will take the appropriate action to help protect customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

Mitigating Factors

• A server needs to support RSA key exchange export ciphers for an attack to be successful.

Recommendation

• Please see the Suggested Actions section of this advisory for workarounds to disable the RSA export ciphers. Microsoft recommends that customers use these workarounds to mitigate this vulnerability.

Issue References

For more information about this issue, see the following references:

This advisory discusses the following software.

What is the scope of the advisory?
The purpose of this advisory is to notify customers that Microsoft is aware of a security feature bypass vulnerability affecting Schannel. The vulnerability could allow a man-in-the-middle (MiTM) attacker to force the downgrading of the cipher used in an SSL/TLS connection on a Windows client system to weaker individual ciphers that are disabled but part of a cipher suite that is enabled.

Why is there no workaround for Windows Server 2003 when it is listed as affected software?
The cipher management architecture on Windows Server 2003 does not allow for the enabling or disabling of individual ciphers.

How could an attacker exploit the vulnerability?
In an MiTM attack, an attacker could downgrade an encrypted SSL/TLS session and force client systems to use a weaker RSA export cipher. The attacker could then intercept and decrypt this traffic.

What might an attacker use this vulnerability to do?
An attacker who successfully exploited this vulnerability could facilitate man-in-the-middle attacks that could decrypt encrypted traffic.

What causes the vulnerability?
The vulnerability is caused by an issue in TLS state machine in Schannel.

How are Windows servers impacted ?
Windows servers are not impacted in the default configuration (export ciphers disabled).

Apply Workarounds

Workarounds refer to a setting or configuration change that does not correct the underlying issue but would help block known attack vectors before a security update is available.

• Disable RSA key exchange ciphers using the Group Policy Object Editor (Windows Vista and later systems only)
  

  You can disable the RSA key exchange ciphers in Windows Vista and later systems by modifying the SSL Cipher Suite order in the Group Policy Object Editor.

  To disable the RSA key exchange ciphers you have to specify the ciphers that Windows should use by performing the following steps:

  1. At a command prompt, type gpedit.msc and press Enter to start the Group Policy Object Editor.
  2. Expand Computer Configuration, Administrative Templates, Network, and then click SSL Configuration Settings.
  3. Under SSL Configuration Settings, click the SSL Cipher Suite Order setting.
  4. In the SSL Cipher Suite Order pane, scroll to the bottom of the pane.
  5. Follow the instructions labeled How to modify this setting, and enter the following cipher list:
     Copy

      TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA 

  6. Click OK
  7. Close the Group Policy Object Editor and then restart your computer.

  Impact of workaround. Windows will fail to connect to systems that do not support any of the ciphers listed in the workaround. To determine which ciphers are available for each cryptographic protocol refer to Cipher Suites in Schannel.

  
  How to undo the workaround. Follow these steps to disable the SSL Cipher Suite Order policy setting:

  1. At a command prompt, type gpedit.msc and press Enter to start the Group Policy Object Editor.
  2. Expand Computer Configuration, Administrative Templates, Network, and then click SSL Configuration Settings.
  3. Under SSL Configuration Settings, click the SSL Cipher Suite Order setting.
  4. In the SSL Cipher Suite Order pane, click Edit policy setting.
  5. In the SSL Cipher Suite Order window, select Disabled and then click OK.
  6. Close the Group Policy Object Editor and then restart your computer.

Additional Suggested Actions

• Protect your PC

  We continue to encourage customers to follow our Protect Your Computer guidance of enabling a firewall, getting software updates and installing antivirus software. For more information, see Microsoft Safety & Security Center.

• Keep Microsoft Software Updated

  Users running Microsoft software should apply the latest Microsoft security updates to help make sure that their computers are as protected as possible. If you are not sure whether your software is up to date, visit Microsoft Update, scan your computer for available updates, and install any high-priority updates that are offered to you. If you have automatic updating enabled and configured to provide updates for Microsoft products, the updates are delivered to you when they are released, but you should verify that they are installed.

Microsoft Active Protections Program (MAPP)

To improve security protections for customers, Microsoft provides vulnerability information to major security software providers in advance of each monthly security update release. Security software providers can then use this vulnerability information to provide updated protections to customers via their security software or devices, such as antivirus, network-based intrusion detection systems, or host-based intrusion prevention systems. To determine whether active protections are available from security software providers, please visit the active protections websites provided by program partners, listed in Microsoft Active Protections Program (MAPP) Partners.

Feedback

• You can provide feedback by completing the Microsoft Help and Support form, Customer Service Contact Us.

Support

• Customers in the United States and Canada can receive technical support from Security Support. For more information, see Microsoft Help and Support.
• International customers can receive support from their local Microsoft subsidiaries. For more information, see International Support.
• Microsoft TechNet Security provides additional information about security in Microsoft products.

Disclaimer

The information provided in this advisory is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

Revisions

• V1.0 (March 5, 2015): Advisory published.
• V1.1 (March 5, 2015): Advisory revised to clarify the reason why no workaround exists for systems running Windows Server 2003. See the Update FAQ for more information.