updated 09:40 pm EDT, Mon June 4, 2012
High priority update and security advisory posted
Earlier today, Microsoft released a high-priority update and a security advisory after parts of the Flame malware platform were signed with one of the trusted digital certificates linked to the Microsoft Root Authority. The improper use of the certificates could mislead a user, bypass operating system safeguards, and permit the malware tool to be installed. The two intermediate certificate authorities used in the malware have been revoked.
The bulletin doesn't reveal who had access to the certificates, nor does it discuss the possibility that they may have been misused by authorized personnel. "What we found is that certificates issued by our Terminal Services licensing certification authority, which are intended to only be used for license server verification, could also be used to sign code as Microsoft," said the official Microsoft Security Research and Defense blog regarding the use of the certificate.
Microsoft adds that most anti-virus packages will detect and remove Flame. Furthermore, Flame is a directed tool that won't propagate like a traditional computer virus, so the vast majority of customers are not at risk from the malware. The company also concludes, however, that all users should perform the update process to ensure security. Only PCs with Windows installed are vulnerable to the Flame malware package.
Flame was discovered by Kaspersky at the end of May. The malware has possibly been in action since August of 2010. The malware doesn't seek to cause data loss or obtain financial information. Instead, the program logs just about everything possible on an infected system. Once present, it sniffs network traffic, takes screenshots, records audio conversations, logs keystrokes, and so on.