Flame War!

This is NOT “nasty-grams” being sent from one to another across the Internet; this is an evolution of government-sponsored hacking!

Microsoft released a security alert and patch due to the disturbing news that the hugely complex Flame malware has spoofed MS-signed certificates, potentially making Microsoft Update a malware delivery mechanism.

Security researcher Mikko Hypponen states that the massive and complex Flame malware, linked to state-sponsored espionage and information-gathering, has managed to spoof Microsoft-signed digital certificates, creating the potential for man-in-the-middle attacks on the Microsoft Update system.

If the Flame module successfully performs a man-in-the-middle attack, it drops a file called WUSETUPV.EXE onto the target computer. As of now, however, “… It has not been used in large-scale attacks. Most likely this function was used to spread further inside an organization or to drop the initial infection on a specific system.”

Microsoft’s warning and patch are located on its support page. The TechNet Security Advisory reads:

Microsoft is aware of active attacks using unauthorized digital certificates derived from a Microsoft Certificate Authority. An unauthorized certificate could be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks. This issue affects all supported releases of Microsoft Windows.

Microsoft is providing an update for all supported releases of Microsoft Windows. The update revokes the trust of the following intermediate CA certificates:

    Microsoft Enforced Licensing Intermediate PCA (2 certificates)
    Microsoft Enforced Licensing Registration Authority CA (SHA1)

The investigation into the incident is ongoing, but the main takeaway for now is to patch immediately!

How? Click your Start button, open All Programs, and select Windows Update. Until you get the update, do not trust your automatic download!
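To confirm the update actually took effect on a machine, the check below (an added example, not part of the original post or Microsoft's advisory) looks for the three certificates named above in the machine's Untrusted Certificates store. It assumes the update records the revoked trust in `Cert:\LocalMachine\Disallowed` and that each certificate's subject contains the listed name; the function name `Test-FlameCertRevocation` is hypothetical.

```powershell
# Added example: verify that the intermediate CA certificates named in the
# advisory are present in the machine's Untrusted Certificates store.
# Assumption: revoked trust shows up as entries in Cert:\LocalMachine\Disallowed.
# Requires PowerShell 3.0 or later (uses [pscustomobject]).
function Test-FlameCertRevocation {
    param(
        [string]$StorePath = 'Cert:\LocalMachine\Disallowed'
    )

    # Names and counts as listed in the advisory text quoted above.
    # The "(SHA1)" suffix is left out of the pattern; the trailing wildcard
    # still matches it if it is part of the subject.
    $expected = @(
        @{ Name = 'Microsoft Enforced Licensing Intermediate PCA';          Count = 2 },
        @{ Name = 'Microsoft Enforced Licensing Registration Authority CA'; Count = 1 }
    )

    # Fail loudly if the store cannot be read instead of reporting "0 found".
    $certs = @(Get-ChildItem -Path $StorePath -ErrorAction Stop)

    foreach ($item in $expected) {
        $pattern = '*CN=' + $item.Name + '*'
        $found   = @($certs | Where-Object { $_.Subject -like $pattern })

        [pscustomobject]@{
            Certificate = $item.Name
            Expected    = $item.Count
            Found       = $found.Count
            Thumbprints = ($found | ForEach-Object { $_.Thumbprint }) -join ', '
            Untrusted   = ($found.Count -ge $item.Count)
        }
    }
}

$results = @(Test-FlameCertRevocation)
$results | Format-List

# Any row with Untrusted = False means the update has not been applied here.
$missing = @($results | Where-Object { -not $_.Untrusted })
if ($missing.Count -gt 0) {
    Write-Warning ('Not yet untrusted: ' + (($missing | ForEach-Object { $_.Certificate }) -join '; '))
}
```

Run it from an elevated PowerShell prompt after Windows Update finishes; a warning means the machine still trusts at least one of the listed certificates.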

Regards,

DK