Are XP, Vista vulnerable to random number generator attack?

Are newer Windows versions vulnerable to the flaw found in Windows 2000?

The flaw in Windows 2000's random number generator uncovered by Israeli researchers is a vulnerability -- but not a security vulnerability, Microsoft said late last week as it left users wondering if newer versions of the operating system shared the same problem.

In a paper published earlier this month, Benny Pinkas of the University of Haifa and two Hebrew University graduate students, Zvi Gutterman and Leo Dorrendorf, described how attackers could exploit a weakness in Windows' pseudo-random number generator (PRNG) to predict encryption keys generated by the operating system and its applications.

After reverse-engineering the algorithm used to power the PRNG, Pinkas and his colleagues found that they could easily predict its future results and reveal what it had produced in the past. They could then compute both future and previously-used encryption keys.

The past was most important to Pinkas. "For you as a user, it means that if you are managing sensitive information today it is not enough for you to verify that your computer hasn't been compromised in the past," said Pinkas in a follow-up interview Monday. "You should also worry about future attacks, since a compromise in the future might reveal the sensitive information used today.

"In the security world, this is called an attack on 'forward secrecy', and is taken very seriously," he added for emphasis.

Last week, Microsoft responded to Pinkas' paper with several statements sent to Computerworld in which it first acknowledged that the PRNG had a "local information disclosure vulnerability" but then denied that it had a "security vulnerability."

"There is no security vulnerability," Bill Sisk, the company's security response communications manager said in the statement issued through Microsoft's outside public relations firm. "Information is not disclosed inappropriately to unauthorized users on any supported Windows systems. In all cases discussed in the claim, information is visible only to the users themselves or to another user logged on to the local system with administrator credentials."

Microsoft's justification that the PRNG issue was not a security vulnerability didn't sit well with Pinkas, who argued the other side. "Applied alone [our attack] does not enable unauthorized parties to access the system, but it does disclose to authorized users information which they are not supposed to learn," he said.

Symantec, which posted its own analysis last week, issued a low-level alert for it today to customers of its DeepSight threat network. Like Microsoft, Symantec didn't classify the threat as a security vulnerability, but instead called it a design error. "Microsoft's recognized this as a local information disclosure issue, and Symantec agrees," Wayne Periman, the director of development for Symantec's security response, said on Monday. "The reason for the low rating is that in order to exploit this there has to be a complex attack organized."

Symantec scored the problem as 3.1 on a scale of 1-10. Periman also defended Microsoft's classification of the issue, saying it is in line with general practices and meets the current definition of "vulnerability."

What to call the PRNG's problem -- weakness, bug, vulnerability, information disclosure -- wasn't the only question up for grabs, however. One user responding to last weeks' story on Pinkas' research put it bluntly. "OK Computerworld, the BIG question which you did not answer is does this affect XP, Vista, and Server 2003," said Michael Geiser in a comment posted last Friday. "The fact that you ignored such an obvious issue means the answer is likely 'no'."

The researchers wouldn't make claims regarding Windows XP or later versions of Windows, but Pinkas hinted at what he thought further research might find. "Regarding XP and Vista, we can say very little because we did not study these operating systems in detail. However, our early analysis of the random number generator of XP shows that the overall design and the external layer of the architecture are similar to those of Windows 2000," he said. "[But] we have not examined yet all the parts of the random generator of XP."

Pinkas wasn't the only one leery of being pinned down on post-Windows 2000 random number generators. When asked if Windows XP's, Server 2003's and Vista's PRNGs also sported the flaws outlined by the research, Microsoft reply stopped short of stating that those editions were immune from the Pinkas attack. "Microsoft also determined later versions of Windows systems contain various changes and enhancements to the random number generator," the company said in another e-mailed statement attributed to Sisk.

Microsoft did not reply to a follow-up question seeking a yes or no answer: "Can the future and past results of the PRNG used in Windows XP, Windows Server 2003, and Windows Vista be predicted and discovered using the techniques as related by Pinkas et al?"

According to an earlier message from Sisk, Microsoft will consider -- but did not commit to -- strengthening its PRNG.

Pinkas, who has been in contact with Microsoft since March, when he shared the team's findings with the company, doesn't know whether Redmond will patch the PRNG. But he said he suggested that Microsoft beef up the current random number generator's design

"The motivation for our research was our interest in understanding a main security building block of the operating system," he said. "Unfortunately, the random number generator of Microsoft Windows was designed with 'security by obscurity' and its design was not public."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Show Comments

Most Popular Reviews

Latest News Articles


PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?