Flame Malware Spread Via Rogue Microsoft Security Certificates
The Hacker News

Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries.

The patch revoked three intermediate Microsoft certificates used in active attacks to "spoof content, perform phishing attacks, or perform man-in-the-middle attacks".Microsoft also killed off certificates that were usable for code signing via Microsoft's Terminal Services licensing certification authority (CA) that ultimately "chained up" to the Microsoft Root Authority.The authority issued certificates for users to authorise Remote Desktop services in their enterprises.

The Microsoft blog post explains that a vulnerability in an old cryptography algorithm is exploited by some elements of Flame to make them appear as if they originated from Microsoft. Most systems around the world accept officially-signed Microsoft code as safe by default, so the malware would enter unnoticed.

Windows users are urged to install the new KB2718704 patch. If you enabled Automatic Updates, the patch should automatically install. If not, you can open Windows Update on your PC and manually install it.

Since the virus is highly targeted and can be caught by most antivirus programs, the "vast majority of customers are not at risk," according to Microsoft.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.