/>
X

Microsoft patches Windows to quell Flame

Microsoft has pushed out a security update for Windows to seal a hole exploited by the sophisticated Flame malware.The update prevents Flame or other bits of malware spoofing Microsoft certificates to phish, spoof content, or perform man-in-the-middle attacks, Microsoft said on Sunday.
jack-clark.jpg
Written by Jack Clark, Reporter on

Microsoft has pushed out a security update for Windows to seal a hole exploited by the sophisticated Flame malware.

The update prevents Flame or other bits of malware spoofing Microsoft certificates to phish, spoof content, or perform man-in-the-middle attacks, Microsoft said on Sunday.

By cracking an old cryptography algorithm, Flame can appear to be a legitimate piece of Windows code, Mike Reavey, a senior director for Microsoft Trustworthy Computing, wrote on Sunday.

The update prevents this exploit by revoking the trust of the "Microsoft Enforced Licensing Intermediate PCA" and the "Microsoft Enforced Licensing Registration Authority CA (SHA1)".

The Flame virus was identified in late-May. It was found on computers across the Middle East, with a particular emphasis on Iranian computers. It is so sophisticated that security researchers believe it may be state sponsored, putting it into the same league as the notorious Stuxnet virus which disrupted operations at an Iranian nuclear plant.

"Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk," Reavey wrote. "Additionally, most antivirus products will detect and remove this malware. That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks."

Microsoft published full technical details of how it detected and worked to alleviate the Flame problems on its Security, Research and Defence blog.

Related

He flew American Airlines, she flew United. For both, the unthinkable happened
screen-shot-2022-06-30-at-10-14-36-am.png

He flew American Airlines, she flew United. For both, the unthinkable happened

Business
Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web
close-up-of-a-womans-hands-typing-on-a-keyboard-in-the-dark.jpg

Giant data breach? Leaked personal data of one billion people has been spotted for sale on the dark web

Security
Southwest Airlines has cancelled 20,000 flights. Now for the really bad news
screen-shot-2021-07-07-at-4-01-12-pm.png

Southwest Airlines has cancelled 20,000 flights. Now for the really bad news

Business