Printed from http://www.electronista.com

Flame signed with Microsoft Root Authority certificates

updated 09:40 pm EDT, Mon June 4, 2012

High priority update and security advisory posted

Earlier today, Microsoft has released a high-priority update and a security advisory after parts of the Flame malware platform were signed with one of the trusted digital certificates linked to the Microsoft Root Authority. The improper use of the certificates could mislead a user, bypass operating system safeguards, and permit the malware tool to be installed. The two intermediate certificate authorities used in the malware have been revoked.

The bulletin doesn't reveal who had access to the certificates, nor does it discuss the possibility that they may have been misused by authorized personnel. "What we found is that certificates issued by our Terminal Services licensing certification authority, which are intended to only be used for license server verification, could also be used to sign code as Microsoft." said the official Microsoft Security Research and Defense blog in regards to the use of the certificate.

Microsoft adds that most anti-virus packages will detect and remove Flame. Furthermore, Flame is a directed tool that won't propagate like a traditional computer virus, so the vast majority of customers are not at risk from the malware. They also conclude, however, that all users should perform the update process to ensure security. Only PCs with Windows installed are vulnerable to the Flame malware package.

Flame was discovered by Kaspersky at the end of May. The malware has possibly been in action since August of 2010. The malware doesn't seek to cause data loss or obtain financial information. Instead, the program logs just about everything possible on an infected system. Once present, it sniffs network traffic, takes screenshots, records audio conversations, logs keystrokes, and so on.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Asus Chromebook C300

When Chromebooks hit the market back in 2011, consumers didn't know what to do with them. The low-cost laptops, powered by Google's Ch ...

Plantronics BackBeat Pro Bluetooth headphones

Looking for a pair of headphones that can do everything a user requires is a task that can take some study. Trying to decide on in-ear ...

Lemur BlueDriver

"Oh no, the check engine light is on…again! What one of the hundreds of reasons could it be this time? Probably going to cost a fort ...

Sponsor

toggle

Most Commented

 
toggle

Popular News