For all the progress Microsoft has made lately in understanding security, it's the simple things that most of us take for granted as obvious that still get overlooked for some reason. Microsoft does not distribute these guides using SSL, so the distribution is vulnerable to MITM attacks. Anyone interested in downloading these guides must be aware that they are distributed by Microsoft in the form of self-extracting .exe's bearing digital signatures embedded in the Portable Executable file's header section. A properly-constructed malicious .exe could, in principle, embed malicious code in a PE file header such that the digital signature verification feature of Windows Explorer could be attacked as signature verification is performed. Therefore, trusting Windows Explorer to verify the digital signature applied to .exe's that you download from an untrustworthy remote server (one that does not use SSL, for example) may itself result in the execution of arbitrary malicious code selected by the MITM. Assuming that you're willing to take this risk (which you should do on an isolated test box for extra safety) you must also be aware that Microsoft doesn't bother to tell you how you will know if the .exe's signature is the one they applied; here is what appears to be the public key and thumbprint for each signature, if you see anything else you should assume that the .exe is not trustworthy (why Microsoft insists on distributing .exe's for documentation is another question that we'll probably never get answered): Each file appears to be signed with the following certificate chain: certificate subject: CN = Microsoft Corporation OU = Copyright (c) 2002 Microsoft Corp. O = Microsoft Corporation L = Redmond S = Washington C = US certificate issuer: CN = Microsoft Code Signing PCA OU = Copyright (c) 2000 Microsoft Corp. O = Microsoft Corporation L = Redmond S = Washington C = US root certificate: CN = Microsoft Root Authority OU = Microsoft Corporation OU = Copyright (c) 1997 Microsoft Corp. certificate public key: 3082 010A 0282 0101 00AA 99BD 39A8 1827 F42B 3D0B 4C3F 7C77 2EA7 CBB5 D18C 0DC2 3A74 D793 B5E0 A04B 3F59 5ECE 454F 9A79 29F1 49CC 1A47 EE55 C208 3E12 20F8 55F2 EE5F D3E0 CA96 BC30 DEFE 58C8 2732 D085 54E8 F091 10BB F32B BE19 E503 9B0B 861D F3B0 398C B8FD 0B1D 3C73 26AC 572B CA29 A215 9082 15E2 77A3 4052 038B 9DC2 70BA 1FE9 34F6 F335 924E 5583 F8DA 30B6 20DE 5706 B55A 4206 DE59 CBF2 DFA6 BD15 4771 1925 23D2 CB6F 9B19 79DF 6A5B F176 0579 29FC C356 CA8F 4408 8555 8ACB C80F 464B 55CB 8C96 774A 87E8 A941 06C7 FF0D E968 5763 72C3 6957 B443 CF32 3A30 DC1B E9D5 4326 2A79 FE95 DB22 6724 C92F D034 E3E6 FB51 4986 B83C D025 5FD6 EC9E 0361 87A9 6840 C7F8 E203 E6CF 0502 0301 0001 The files are as follows: Windows Server 2003 Security Guide: http://go.microsoft.com/fwlink/?LinkId=14845 filename: Windows_Server_2003_Security_Guide.exe size: 2.33 MB (2,452,088 bytes) timestamp: Thursday, April 24, 2003 1:31:41 PM signature sha1 hash: 04 14 4A 56 67 F6 CF 44 58 E4 05 F9 76 54 3C 03 8F 01 73 7A 5A ED file's SIP sha1 hash: 66-61-CF-B9-0B-EB-F5-A8-37-5A-F4-A2-B7-10-57-BE-6B-F5-83-72 full-file sha1 hash: 6661cfb90bebf5a8375af4a2b71057be6bf58372 -- Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP http://go.microsoft.com/fwlink/?LinkId=15159 filename: Threats_and_Countermeasures_Guide.exe size: 1.45 MB (1,522,296 bytes) timestamp: Thursday, April 24, 2003 1:31:11 PM signature sha1 hash: 04 14 FF 07 49 0F 8B 6A 38 DF BD B9 85 5F 43 54 04 D7 8F 7D 6C 1B file's SIP sha1 hash: 2C-14-BE-90-4D-47-A9-66-56-07-20-72-1C-C3-3B-9D-76-23-6D-13 full-file sha1 hash: 2c14be904d47a966560720721cc33b9d76236d13 -- MSS Glossary: http://go.microsoft.com/fwlink/?LinkId=16256 filename: Microsoft_Solutions_for_Security_Glossary.exe size: 494 KB (506,440 bytes) timestamp: Thursday, April 24, 2003 10:52:16 AM signature sha1 hash: 04 14 9C 95 C3 92 93 D6 E1 B7 99 AA A2 EE 42 D9 00 7F E8 DE 15 17 file's SIP sha1 hash: 51-96-51-F5-0F-94-FD-33-79-CA-63-E9-36-63-59-5D-6F-D0-E1-FC full-file sha1 hash: 519651f50f94fd3379ca63e93663595d6fd0e1fc -- For each file listed above there is a "full-file sha1 hash" which can be verified using any full-file sha1 hashing utility. Microsoft does not provide any such utility, so this is by far the most trustworthy method to ascertain that the file is what you expect it to be. For each file listed above, the "file's SIP sha1 hash" is the sha1 hash produced using the Microsoft Crypto API's SIP hashing provider. The following C# code will produce this hash for you on the command line, so that you can verify the SIP hash of each .exe file before you attempt to verify its attached digital signature: using System; using System.Security.Cryptography; using System.IO; namespace sha1hasher { class Class1 { [STAThread] static void Main(string[] args) { HashAlgorithm sha = SHA1Managed.Create(); FileStream fs; byte[] hash; FileInfo[] fi = new DirectoryInfo(Directory.GetCurrentDirectory()).GetFiles(); foreach(FileInfo f in fi) { try { fs = f.Open(FileMode.Open); hash = sha.ComputeHash(fs); System.Console.WriteLine(f.Name + ": " + BitConverter.ToString(hash)); fs.Close(); } catch(Exception ex) { System.Console.WriteLine(ex); } } } } } Microsoft makes this all much more complicated than it needs to be, which is a vulnerability in and of itself. I strongly urge Microsoft to stop distributing documentation in .exe format, as this whole method of digital signature management is ill-conceived and poorly-implemented. If you encounter any hash other than the ones listed above, report it to Microsoft. You can also e-mail me and I'll assist you in determining the reason for the hash verification failure. This is no more, and no less, than Microsoft themselves should be offering to do, considering that they are the ones placing you at risk by refusing to follow industry standard best practices. For every .exe that Microsoft distributes, it should consider publishing a known good full-file hash code so that a hash verification tool of the user's choice can be used, on a platform of the user's choice, to verify that the file received over the network is the file they expected -- BEFORE attempting to use a tool like Windows Explorer to read structured information such as digital signature data out of the PE file's header sections. Each such attempt to interpret structured data from inside the PE file's header sections may result in a buffer overflow attack if there are exploitable bugs present in the tool used to parse these structured data fields. Sincerely, Jason Coombs jasoncat_private -----Original Message----- From: Michael Howard [mailto:mikehowat_private] Sent: Thursday, April 24, 2003 6:36 PM To: bugtraqat_private Subject: Windows Server 2003 Security Guide available Microsoft Security Solutions is happy to announce the release of the _Windows Server 2003 Security Guide_ and its companion guide, _Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP_. ... The guides can be found online at: ...
This archive was generated by hypermail 2b30 : Mon Apr 28 2003 - 13:31:17 PDT