Office Open XML signatures are ‘practically worthless’ • The Register
Office Open XML (OOXML) Signatures, an Ecma/ISO standard used in Microsoft Office applications and open source OnlyOffice, have several security flaws and can be easily spoofed.
As a result, Office files signed this way can be altered undetectably or completely fabricated with a forged signature. And that's fundamentally contrary to the purpose of digital signatures.
Five computer researchers from Ruhr University Bochum in Germany – Simon Rohlmann, Vladislav Mladenov, Christian Mainka, Daniel Hirschberger, and Jörg Schwenk – describe this sorry state of affairs in a paper titled: “Every Signature is Broken: On the Insecurity of Microsoft Office’s OOXML Signatures.”
The paper is scheduled to be presented at the USENIX Security Symposium in August.
OOXML first appeared in Office in 2006. It consists of a zipped package of XML files. Microsoft refers to the format simply as Open XML.
The boffins say they found discrepancies in the structure of office documents and the way signatures get verified. As a result they were able to identify five ways to attack vulnerable documents to alter their contents and forge signatures.
The researchers tested the attacks on versions of Microsoft Office on Windows and macOS, as well as on OnlyOffice Desktop for Windows, macOS, and Linux. And every single one was vulnerable.
And with Microsoft Office for macOS, document signatures simply weren’t validated at all. The researchers found they could add an empty file named sig1.xml to an OOXML package – which consists of multiple zipped files – and Office for Mac would show a security banner proclaiming that the document was protected by a signature.
“The attacks’ impact is alarming: attackers can arbitrarily manipulate the displayed content of a signed document, and victims are unable to detect the tampering,” the authors explain in their paper.
“Even worse, we present a universal signature forgery attack that allows the attacker to create an arbitrary document and apply a signature extracted from a different source, such as an ODF document or a SAML token. For the victim, the document is displayed as validly signed by a trusted entity.”
There are three issues primarily. First, OOXML uses partial signatures, so not every file gets checked. Second, the rendering flow allows unsigned content to be added to files, and third, handling cryptographic verification for digital signatures is overly complicated.
“We see the main problem with partial signatures,” explained Simon Rohlmann, Tandem-Professor for IT Security/Info at Mainz University of Applied Sciences and lead author of the paper while at Ruhr University Bochum, in an e-mail to The Register. “A digital signature is supposed to protect the integrity of a document, but at the same time not all parts of the document are signed. It is a contradiction in terms.”
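The partial-signature problem and the empty sig1.xml case described above, as an added example (not code from the paper, The Register or the researchers' proof of concept): a Python audit that lists which parts of a package no signature reference covers. The `_xmlsignatures/` folder, the `Reference` URI layout and the sample package are assumptions constructed for illustration; the script reports coverage only and does not verify any signature.

```python
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import unquote

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"  # XML Signature namespace
SIG_DIR = "_xmlsignatures/"  # assumption: folder holding sig1.xml, sig2.xml, ...

def signed_part_names(sig_xml):
    """Return the package parts that one signature file references."""
    try:
        root = ET.fromstring(sig_xml)
    except ET.ParseError:
        return set()  # empty or malformed file: it covers nothing
    names = set()
    for ref in root.iter(DSIG + "Reference"):
        uri = ref.get("URI", "")
        if uri.startswith("/"):  # "#id" URIs point inside the signature itself
            names.add(unquote(uri.split("?", 1)[0]).lstrip("/"))
    return names

def audit_package(data):
    """List which parts of a zipped package no signature reference covers."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        parts = [n for n in zf.namelist() if not n.endswith("/")]
        sig_files = [n for n in parts if n.startswith(SIG_DIR) and n.endswith(".xml")]
        covered = set()
        for name in sig_files:
            covered |= signed_part_names(zf.read(name))
    unsigned = sorted(p for p in parts
                      if p not in covered and not p.startswith(SIG_DIR))
    return {"signature_files": sig_files, "covered": sorted(covered), "unsigned": unsigned}

def build_sample(sig_xml):
    """Build a constructed sample package in memory (not a real Office file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("docProps/app.xml", "<Properties/>")
        zf.writestr(SIG_DIR + "sig1.xml", sig_xml)
    return buf.getvalue()

# Constructed signature skeleton: only word/document.xml is referenced.
SAMPLE_SIG = b"""<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo><Reference URI="#idPackageObject"/></SignedInfo>
<Object Id="idPackageObject"><Manifest>
<Reference URI="/word/document.xml?ContentType=application/xml"/>
</Manifest></Object></Signature>"""
```

Calling `audit_package(build_sample(b""))` shows the empty-file case: a signature file is present, yet every part of the package is reported as unsigned.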
The team says it reported the findings to Microsoft, OnlyOffice, and to the relevant standards committee, ISO/IEC JTC 1/SC 34.
Microsoft, they claim, acknowledged the findings and awarded a bug bounty, but “has decided that the vulnerabilities don’t require immediate attention.” And the researchers say they’ve not heard from OnlyOffice since October, 2022.
Microsoft and OnlyOffice didn’t immediately respond to requests for comment.
One of the paper’s co-authors, Daniel Hirschberger, has posted proof-of-concept code for spoofing OOXML signatures.
Rohlmann said he just retested the attacks on the latest LTSC version of Microsoft Office 2021 (version 2108, build 14332.20503). “All attacks still work, which means the vulnerabilities haven’t been fixed,” he said.
When asked about Microsoft’s assessment that these issues don’t require immediate attention, Rohlmann said he disagrees.
“Digital signatures should at least achieve the information security goals of integrity and authenticity,” he said.
“By opting in the OOXML standard for partial signatures, these goals cannot be achieved. We have found several ways to modify the content of signed OOXML documents. This makes the digital signature for these documents practically worthless. For example, an attacker could use signed documents to make attacks based on social engineering appear particularly trustworthy because the document contains a valid signature of a superior.”
Rohlmann said he couldn’t say how common signed OOXML documents may be. “Signed documents are mainly used by companies and governments, and are mostly used internally, so we do not have any clear information on this,” he said. “However, I estimate that the distribution of signed PDF documents might be considerably higher than signed OOXML documents.”
Partial signatures, said Rohlmann, are the main problem and other file formats have addressed this, notably the OpenDocument Format (ODF).
“In earlier draft versions, the relationship files were not part of the signature calculation, just like in OOXML today,” he said.
“This has been fixed in the final ODF version 1.2. In our research, we also found problems with signed ODF versions, but these were more likely caused by basic problems with XML signatures or implementation flaws on the part of the vendors. In general, we should always avoid partial signatures in documents. Since this leads to insecure implementations, related to the signature.” ®