Flame virus spread through rogue Microsoft security certificates

Microsoft released an emergency Windows update on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries.

The digital certificate issue, stemming from a problem with Microsoft's Terminal Server Licensing Service cryptography algorithm, could make malware appear as if it was a genuine Microsoft software product. Microsoft's modern operating systems, like Windows 7 and Vista, use methods (like UAC) to present a software publishers details upon installation.

"We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft. Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft," said Mike Reavey, a senior director of the Microsoft Trustworthy Computing.

Windows users are urged to install the new KB2718704 patch. If Automatic Updates are enabled, the patch should automatically install. If not, users can open Windows Update on their PC and manually install it.

Read more -here-

• Dell confirms database hacked - hacker says 49 million customers hit
• Google releases emergency fix for new Chrome zero-day flaw
• Disney+, Hulu and Max team up for streaming bundle package
• OpenAI is reportedly working on a search feature for ChatGPT
• TikTok, ByteDance sue to block US law seeking sale or ban of app
• OpenAI partners with Stack Overflow to make models better at coding