Search in HRJ Tricks

Related Posts Plugin for WordPress, Blogger...

Wednesday, June 6, 2012

Flame Malware Spread Via Rogue Microsoft Security Certificates


Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries.

The patch revoked three intermediate Microsoft certificates used in active attacks to “spoof content, perform phishing attacks, or perform man-in-the-middle attacks”.Microsoft also killed off certificates that were usable for code signing via Microsoft’s Terminal Services licensing certification authority (CA) that ultimately “chained up” to the Microsoft Root Authority.The authority issued certificates for users to authorise Remote Desktop services in their enterprises.

The Microsoft blog post explains that a vulnerability in an old cryptography algorithm is exploited by some elements of Flame to make them appear as if they originated from Microsoft. Most systems around the world accept officially-signed Microsoft code as safe by default, so the malware would enter unnoticed.

Windows users are urged to install the new KB2718704 patch. If you enabled Automatic Updates, the patch should automatically install. If not, you can open Windows Update on your PC and manually install it.

Since the virus is highly targeted and can be caught by most antivirus programs, the "vast majority of customers are not at risk," according to Microsoft.

1 comment:

  1. I leave a response when I especially enjoy a post on a website or if I have something to
    add to the discussion. It's a result of the sincerness
    displayed in the article I browsed. And on this article "Flame Malware Spread Via Rogue Microsoft Security Certificates".
    I was excited enough to post a thought :-P I do have a few
    questions for you if you usually do not mind. Could it be simply
    me or does it look like like a few of these comments look
    as if they are left by brain dead visitors? :-P And,
    if you are writing at additional places, I would like to follow
    anything new you have to post. Could you make a
    list the complete urls of all your shared sites like your
    linkedin profile, Facebook page or twitter feed?

    Also visit my web page - used car dealerships in Valdosta ga