A user sent in https://www.usenix.org/system/files/conference/woot16/woot16-paper-grothe.pdf regarding our new sensitivity labels.
Is there a CVE for this specific incident and does that apply to the sensitivity labels encryption on files?
@JonasSysadmin
Thank you for your post!
For this whitepaper, can you share the specific event you're referring to? I can see the title of the paper says "How to Break Microsoft Rights Management Services". However, is there a specific method this paper is talking about when it comes to breaking the Microsoft Rights Management Services?
Any additional details would be greatly appreciated.
If you have any other questions, please let me know.
Thank you for your time and patience throughout this issue.
Hi James,
It mentions that it is able to remove the protection of RMS-protected office documents and I wanted to see if that affected the current sensitivity labels. Are sensitivity labels protected by the same RMS?
The paper mentions that it was sent and acknowledged in MSRC Case 33210 but I can't find a reply saying that this method of attack has been fixed.
I just need to check off on it before deploying sensitivity labels.
@JonasSysadmin
Thank you for the quick response! For the MSRC case, I'd recommend reaching out to our Microsoft Security Response Center via their webpage.
When it comes to sensitivity labels, it's recommended to migrate from AD RMS to Azure Information Protection (AIP). With AIP, you must be the owner of the file to remove protection, or have been granted permissions to remove protection (the Rights Management permission of Export or Full Control). For more info. Lastly, with the Unified labeling client, labeling and protection actions aren't supported. However, for an AD RMS deployment, the viewer can open protected documents when you use the Active Directory Rights Management Services Mobile Device Extension.
I hope this helps!
Thank you for your time and patience throughout this issue.
Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.
I believe that the attack will still be successful, since the protection mechanism has not changed. Anyway, the attack will be successful only if you have some rights on the content, e.g. you can request a use license.
Some information is also available on the researchers' website https://web-in-security.blogspot.com/2016/07/how-to-break-microsoft-rights.html
Martin