Microsoft’s Secure Time Seeding Is Quite The “Feature”
Let’s Do The Time Warp Again!
A little-known Windows feature, which has been intermittently making sysadmins’ lives quite frustrating for years, is making news due to the repercussions it recently caused a phone provider. Secure Time Seeding is meant to provide a backup for the RTC on computers, in case battery failure causes the machine to lose the current time. This certainly sounds like a good idea, as a system with an incorrect time and date is not able to authenticate against digital certificates and will start scheduled jobs at the wrong time. An incorrect clock can also cause immense problems on servers that maintain databases tracking data over time, as one rather upset sysadmin discovered.
The Secure Time Seeding feature checks the local system time against values found in a field in the SSL certificates it exchanges when making a secure connection to another server. It could consult the nearest server, but as that connection is not necessarily secure, that would open up another attack vector. The problem is that no one really knew about this feature, so the field containing the time value in an SSL certificate often just contains a random number. Why bother to ensure it is accurate when nothing uses it?
This has led to some serious issues with servers, but since it happens so infrequently, the cause never revealed itself until now. Ars Technica delves into the full story about STS and some of the fallout it has caused.
The culprit was a little-known feature in Windows known as Secure Time Seeding. Microsoft introduced the time-keeping feature in 2016 as a way to ensure that system clocks were accurate. Windows systems with clocks set to the wrong time can cause disastrous errors when they can’t properly parse timestamps in digital certificates or they execute jobs too early, too late, or out of the prescribed order.
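An added illustration (not code from the article or from Microsoft) of why a time value taken from a TLS exchange is fragile when servers fill it with random bytes. It assumes the field in question is the 4-byte gmt_unix_time that opens the TLS 1.2 ServerHello Random (RFC 5246), which the article does not specify; the majority cross-check in `agreed_time` is an illustrative sanity check rather than the algorithm STS uses, and all sample records are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

def server_hello_time(record: bytes) -> datetime:
    """Decode gmt_unix_time from a TLS 1.2 ServerHello record (assumed field)."""
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    # Content type 22 = handshake; handshake message type 2 = ServerHello.
    if ctype != 22 or len(body) != rec_len or len(body) < 38 or body[0] != 2:
        raise ValueError("not a complete ServerHello record")
    # Skip handshake header (4) and server_version (2); Random starts with the time.
    (unix_time,) = struct.unpack("!I", body[6:10])
    return EPOCH + timedelta(seconds=unix_time)

def agreed_time(records, tolerance=timedelta(minutes=5)):
    """Return the median sample only if a strict majority of samples agree with it."""
    times = sorted(server_hello_time(r) for r in records)
    median = times[len(times) // 2]
    close = [t for t in times if abs(t - median) <= tolerance]
    return median if 2 * len(close) > len(times) else None

def make_server_hello(random32: bytes) -> bytes:
    """Build a minimal constructed ServerHello around a 32-byte Random value."""
    hello = b"\x03\x03" + random32 + b"\x00" + b"\xc0\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + len(handshake).to_bytes(2, "big") + handshake

# Constructed samples: honest servers write the real time, others write random bytes.
TRUE_TIME = datetime(2023, 8, 16, 12, 0, 0, tzinfo=timezone.utc)

def honest(offset_s=0):
    secs = int((TRUE_TIME - EPOCH).total_seconds()) + offset_s
    return make_server_hello(struct.pack("!I", secs) + bytes(28))

RANDOM_A = make_server_hello(bytes.fromhex("d31f07a2") + bytes(28))
RANDOM_B = make_server_hello(bytes.fromhex("12345678") + bytes(28))

if __name__ == "__main__":
    print("honest server :", server_hello_time(honest()))
    print("random field  :", server_hello_time(RANDOM_A))
    print("3 honest, 1 random:", agreed_time([honest(-3), honest(), honest(2), RANDOM_A]))
    print("1 honest, 2 random:", agreed_time([RANDOM_B, honest(), RANDOM_A]))
```

A single random value decodes to a perfectly valid-looking date decades away from the real one, so any consumer of this field has to cross-check samples rather than trust one connection.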