University RUB #Germany Paper - How break microsoft right Management services


Hi all,

I found this paper about RMS:



 Rights Ma­nage­ment Ser­vices (RMS) are used to en­force ac­cess con­trol in a di­stri­bu­ted en­vi­ron­ment, and to cryp­to­gra­phi­cal­ly pro­tect com­pa­nies’ as­sets by re­stric­ting ac­cess rights, for ex­amp­le, to view-on­ly, edit, print, etc., on a per-do­cu­ment basis. One of the most pro­mi­nent RMS im­ple­men­ta­ti­ons is Micro­soft RMS. It can be found in Ac­tive Di­rec­to­ry (AD) and Azure. Pre­vious re­se­arch con­cen­tra­ted on ge­ne­ric we­ak­nes­ses of RMS, but did not pre­sent at­tacks on real world sys­tems.

We pro­vi­de a se­cu­ri­ty ana­ly­sis of Micro­soft RMS and pre­sent two wor­king at­tacks: (1.) We com­ple­te­ly re­mo­ve the RMS pro­tec­tion of a Word do­cu­ment on which we only have a view-on­ly per­mis­si­on, wi­thout ha­ving the right to edit it. This shows that in con­trast to claims made by Micro­soft, Micro­soft RMS can only be used to en­force all-or-not­hing ac­cess. (2.) We ex­tend this at­tack to be ste­althy in the fol­lowing sense: We show how to mo­di­fy the con­tent of an RMS wri­te-pro­tec­ted Word do­cu­ment is­su­ed by our victim. The re­sul­ting do­cu­ment still claims to be write pro­tec­ted, and that the mo­di­fied con­tent was ge­ne­ra­ted by the victim. We show that these at­tacks are not li­mi­ted to local in­stan­ces of Micro­soft AD, and can be ex­ten­ded to Azure RMS and Of­fice 365.

We re­s­pon­si­bly dis­clo­sed our fin­dings to Micro­soft. They ack­now­ledged our fin­dings (MSRC Case 33210)."


Does someone have any Information about it? Is there a solution? Does Microsoft solve the issue? 


Any new Information? 


Thank you very much!


Best regards


1 Reply

Content protected by Azure Information Protection relies on good identity management and a malicious user that is granted access to content will always be a threat to the security of your content. A user must have a valid user name and password to access content that is protected by Azure Information Protection. 


Read more: The role of Azure Information Protection in securing data