Microsoft calls on users to fix Flame security bug


Even though Flame's triggermen launched their malware through a "collision" attack that appears limited to hundreds of computers in the Middle East, mainly Iran, the same Windows vulnerability they used could be exploited through less sophisticated means and to target exponentially more machines.

That's why Microsoft on Monday evening EST clarified the advisory it released Sunday, which detailed an emergency patch necessary to prevent hackers from using bogus Microsoft digital certificates "to spoof content, perform phishing attacks, or perform man-in-the-middle attacks" -- all with the goal of stealing sensitive information.

"Our firm guidance is that customers should apply the update as soon as possible for one simple reason: The fact that malware can be created by attackers and made to look like it is from Microsoft would result in malware being installed," Microsoft Security Response Center Director Mike Reavey wrote in a blog post.

Flame spread via collision attacks, which can occur when two different pieces of data have the same hash value. According to US-CERT, the cryptographic hash function MD5 is susceptible to collision attacks. Digital certificates, such as those issued by Microsoft, commonly employ MD5 signatures.

"The Flame malware used a cryptographic collision attack in combination with the terminal server licensing service certificates to sign code as if it came from Microsoft," Reavey wrote. "However, code-signing without performing a collision is also possible. This is an avenue for compromise that may be used by additional attackers on customers not originally the focus of the Flame malware."

Mikko Hypponen, chief research officer at Finnish security firm F-Secure, who has been closely following the Flame developments, wondered Monday in a blog post how devastating the exploit could have been.

"I guess the good news is that this [Flame] wasn't done by cyber criminals interested in financial benefit," he wrote. "They could have infected millions of computers. Instead, this technique has been used in targeted attacks, most likely launched by a Western intelligence agency."
