Microsoft calls on users to fix Flame security bug

Share this article:
Microsoft calls on users to fix Flame security bug
Microsoft calls on users to fix Flame security bug

Even though Flame's triggermen launched their malware through a "collision" attack that appears limited to hundreds of computers in the Middle East, mainly Iran, the same Windows vulnerability they used could be exploited through less sophisticated means and to target exponentially more machines.

That's why Microsoft on Monday evening EST clarified the advisory it released Sunday, which detailed an emergency patch necessary to prevent hackers from using bogus Microsoft digital certificates "to spoof content, perform phishing attacks, or perform man-in-the-middle attacks" -- all with the goal of stealing sensitive information.

"Our firm guidance is that customers should apply the update as soon as possible for one simple reason: The fact that malware can be created by attackers and made to look like it is from Microsoft would result in malware being installed," Microsoft Security Response Center Director Mike Reavey wrote in a blog post.

Flame spread via collision attacks, which can occur when two unique pieces of data have the same hash values. According to US-CERT, the cryptographic hash function MD5 is susceptible to collision attacks. Digital certificates, such as those issued by Microsoft, commonly employ MD5 signatures.

"The Flame malware used a cryptographic collision attack in combination with the terminal server licensing service certificates to sign code as if it came from Microsoft," Reavey wrote. "However, code-signing without performing a collision is also possible. This is an avenue for compromise that may be used by additional attackers on customers not originally the focus of the Flame malware."

Mikko Hypponen, chief research officer at Finnish security firm F-Secure and who has been closely following the Flame developments, wondered Monday in a blog post how devastating the exploit could have been.

"I guess the good news is that this [Flame] wasn't done by cyber criminals interested in financial benefit," he wrote. "They could have infected millions of computers. Instead, this technique has been used in targeted attacks, most likely launched by a Western intelligence agency."

Share this article:

Sign up to our newsletters

More in News

In Cisco probe, misuse or compromise spotted on all firms' networks

In Cisco probe, misuse or compromise spotted on ...

Cisco analyzed the business networks of 30 multinational companies last year, and revealed the findings in its 2014 Annual Security Report.

Fareit trojan observed spreading Necurs, Zbot and CryptoLocker

The Necurs and Zbot trojans, as well as CryptoLocker ransomware, has been observed by researchers as being spread through another trojan, known as Fareit.

Post Heartbleed, tech giants join initiative to bolster open source

Post Heartbleed, tech giants join initiative to bolster ...

The newly formed Core Infrastructure Initiative, created to boost under-funded open source projects, will tackle OpenSSL first.