Flame Compromises Key Microsoft Security System


The cyber espionage super bug Flame compromised a key Microsoft security system, the company has now revealed, prompting Microsoft to issue an emergency patch to its millions of customers because of fears of what one expert called potential "collateral damage" from the U.S. and Israel's cyber war against Iran.

In an alert issued late Sunday, Microsoft told customers that the authors of Flame -- a highly sophisticated surveillance computer virus discovered on networks in the Middle East and Iran -- had figured out how to use Microsoft's own security system to forge digital security certificates, which then allowed the malicious code to spread undetected by anti-virus programs. Digital certificates are in part designed to authenticate interactions online and help protect computer networks from being accessed by unauthorized users.

Microsoft fixed the security breach, but was also forced to add the compromised certificates to its own growing list of "untrusted" certificates.

Microsoft said that since Flame was such a precisely targeted attack, a vast majority of customer systems that use digital certificates -- which includes U.S. government and financial institutions -- were not in danger of being infected, but said it had to take action because the same technique could be used by other "less sophisticated attackers to launch more widespread attacks."

source

The certificates aren't compromised. From what the blog describes it was an oversight in the issuing process that allowed them to be used to sign code (which they aren't intended for).

The certificates aren't compromised. From what the blog describes it was an oversight in the issuing process that allowed them to be used to sign code (which they aren't intended for).

Correcting myself - article on Ars indicates that it was.

Ah, so this must be it. I was wondering what could be so urgent to warrant an out-of-band patch one week before Patch Tuesday.

Edit: oops, just checked my calendar, it's next Tuesday; that makes more sense.
