Friday, July 22, 2016

How to Break Microsoft Rights Management Services

In this post, we provide a security analysis of Microsoft Rights Management Services (RMS) and present two working attacks: 
  1. We completely remove the RMS protection of a Word document on which we only have a view-only permission, without having the right to edit it. This shows that in contrast to claims made by Microsoft, Microsoft RMS can only be used to enforce all-or-nothing access. 
  2. We extend this attack to be stealthy in the following sense: We show how to modify the content of an RMS write-protected Word document issued by our victim. The resulting document still claims to be write protected, and that the modified content was generated by the victim
This work is going to be presented at WOOT'16.
Read more »
By at
Labels: , , , ,
Location: Ruhr-Universität, 44801 Bochum, Deutschland
Subscribe to: Posts (Atom)

Beliebte Posts

  • DTD Cheat Sheet
    When evaluating the security of XML based services, one should always consider DTD based attack vectors, such as XML External Entities (XXE)...
  • CORS misconfigurations on a large scale
    Inspired by James Kettle 's great OWASP AppSec Europe talk on CORS misconfigurations, we decided to fiddle around with CORS security i...
  • Printer Security
    Printers belong arguably to the most common devices we use. They are available in every household, office, company, governmental, medic...
  • How to Break Microsoft Rights Management Services
    In this post, we provide a security analysis of Microsoft Rights Management Services (RMS) and present two working attacks:  We complete...
  • How To Spoof PDF Signatures
    One year ago, we received a contract as a PDF file. It was digitally signed. We looked at the document - ignoring the "certificate is n...