A critical Windows component expires in 25 hours

While working on the new version of CTLInfo (screenshot below), I ran across an unexpected and rather scary finding: A key security component of Windows, the so-called ‘Disallowed’ CTL, has a validity of 15 months and is going to expire in 25 hours.

img123

This is very worrying, because the ‘Disallowed’ CTL is a small but critical component in today’s Web PKI infrastructure and is used by Windows systems to keep track of any high-profile certificates that have been compromised. It includes thumbprints for compromised certificates such as Dutch Certificate Authority Diginotar, Microsoft’s Live.fi, and many more.

I can’t accurately foresee what is going to happen in 25 hours (more accurately, starting from 2015-09-23 20:36:26 GMT), but the implications could be disastrous yet mostly invisible: all Windows systems, unable to verify the validity of their CTLs, could be at increased risk of MITM attacks worldwide. I’m especially concerned about newly installed systems which ship with an empty Disallowed CTL and will be unable to successfully autoupdate their CTLs until Microsoft pushes out new ones.

I contacted Microsoft as soon as I found out about this, but haven’t heard back so far. I do still have a (very) slim hope that Windows magically autoupdates before doomsday hits.

At this time, I don’t have information on how to mitigate this possible risk effectively.

I did not have enough time to analyze the issue in greater depth, so I really hope I’m wrong on this. It would be good if someone could confirm these observations.

Note: on a Windows 2012R2 server, it is also possible to view the issue using the following command:

 certutil -verifyCTL disallowed

#Update 1#

Good news! Microsoft has just released a new Disallowed CTL, and most importantly, signed with a new certificate. That was really close! Windows systems with direct connectivity to ctldl.windowsupdate.com should automatically get the update within 24 hours.

<img src=http://i.imgur.com/dZRNo9k.png>

SHA1 thumbprint of the new signing certificate:

 3e 42 ad 26 cc 2f 6e f1 52 99 15 0f ca be df 85 b9 af 75 d3

Expiration date: 2016-08-14

Note: The updated CTL has the exact same entries as the old one. The rogue Google certificates recently issued by Symantec are not included.

<A href=https://twitter.com/hexatomium>Follow</A> @hexatomium

View my <A HREF=https://www.linkedin.com/profile/view?id=1283234>LinkedIn</A> page (Firas Salem)

Written on September 22, 2015