Microsoft issues Flame-resistant certificate updater

Microsoft has released an automated updater that will flag revoked digital certificates to protect against malware such as Flame, which spread by forging Microsoft certificates to fool Windows machines into accepting the malicious code.

The updater, available for Windows 7, Vista, Server 2008 and Windows Server 2008 R2, will flag as untrusted any digital certificates that have been compromised or are in some other way considered not trustworthy, Microsoft said on its support site.

“After this update is installed, customers benefit from quick automatic updates of untrusted certificates,” the company said.

Related coverage:

Researchers find ‘proof’ of Flame-Stuxnet link

Flame spyware used forged Microsoft certificates

Flame, a large, sophisticated piece of spyware discovered in May attacking computers in Iran, other Middle Eastern countries and several in Europe, spread by spoofing Microsoft certificates to make it appear it was coming from Microsoft.

Cryptography experts have said it used a previously unseen “chosen prefix collision attack” to hack into the Windows Update system, displaying a level of cryptanalysis that they described as “world class.”

It was detected in a relatively small number of computers, mostly in Iran and the Palestinian West Bank, and its complexity led security experts to suspect it was the work of a nation-state. Researchers at Kaspersky Labs said they found that some code in Flame had been shared with Stuxnet, which news reports have attributed to the United States and Israel.

After the Flame’s certificate spoofing was uncovered, Microsoft June 3 released an emergency patch that revoked the certificates involved.

About the Author

Kevin McCaney is a former editor of Defense Systems and GCN.

inside gcn

  • Google Map of free sandbags in Los Angeles

    When simple is best: Google Maps for disaster prep

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group