Microsoft calls on users to fix Flame security bug


Even though Flame's triggermen launched their malware through a "collision" attack that appears limited to hundreds of computers in the Middle East, mainly Iran, the same Windows vulnerability they used could be exploited through less sophisticated means and to target exponentially more machines.

That's why Microsoft on Monday evening EST clarified the advisory it released Sunday, which detailed an emergency patch necessary to prevent hackers from using bogus Microsoft digital certificates "to spoof content, perform phishing attacks, or perform man-in-the-middle attacks" -- all with the goal of stealing sensitive information.

"Our firm guidance is that customers should apply the update as soon as possible for one simple reason: The fact that malware can be created by attackers and made to look like it is from Microsoft would result in malware being installed," Microsoft Security Response Center Director Mike Reavey wrote in a blog post.

Flame spread via collision attacks, which can occur when two different pieces of data produce the same hash value. According to US-CERT, the cryptographic hash function MD5 is susceptible to collision attacks. Digital certificates, such as those issued by Microsoft, commonly employ MD5 signatures.

"The Flame malware used a cryptographic collision attack in combination with the terminal server licensing service certificates to sign code as if it came from Microsoft," Reavey wrote. "However, code-signing without performing a collision is also possible. This is an avenue for compromise that may be used by additional attackers on customers not originally the focus of the Flame malware."

Mikko Hypponen, chief research officer at Finnish security firm F-Secure, who has been closely following the Flame developments, wondered Monday in a blog post how devastating the exploit could have been.

"I guess the good news is that this [Flame] wasn't done by cyber criminals interested in financial benefit," he wrote. "They could have infected millions of computers. Instead, this technique has been used in targeted attacks, most likely launched by a Western intelligence agency."
