Microsoft released an emergency Windows update
on Sunday after revealing that one of its trusted digital signatures
was being abused to certify the validity of the Flame malware that has
infected computers in Iran and other Middle Eastern Countries.
The patch revoked three
intermediate Microsoft certificates used in active attacks to “spoof
content, perform phishing attacks, or perform man-in-the-middle
attacks”.Microsoft also killed off certificates that were usable for
code signing via Microsoft’s Terminal Services licensing certification
authority (CA) that ultimately “chained up” to the Microsoft Root
Authority.The authority issued certificates for users to authorise
Remote Desktop services in their enterprises.
The Microsoft blog post explains that a
vulnerability in an old cryptography algorithm is exploited by some
elements of Flame to make them appear as if they originated from
Microsoft. Most systems around the world accept officially-signed
Microsoft code as safe by default, so the malware would enter unnoticed.
Windows users are urged to
install the new KB2718704 patch. If you enabled Automatic Updates, the
patch should automatically install. If not, you can open Windows Update
on your PC and manually install it.
Since the virus is highly targeted and can be caught by most antivirus programs, the "vast majority of customers are not at risk," according to Microsoft.
No comments:
Post a Comment