14 DAY TRIAL // The malware commonly known as Flame has attracted the attention of many companies, mainly because of its level of sophistication and its targets. Now, Microsoft joins the ranks of firms that are doing everything in their power to ensure that attacks which leverage the malicious element are mitigated.
First of all, just like many others, Microsoft representatives are confident that most Internet users are not at risk because Flame has been mostly utilized in sophisticated targeted attacks. In addition, most antivirus solutions are easily able to identify the threat and remove it before it can cause any damage.
The Redmond company reveals that their analysis has led them to discover that some of the malware’s components are signed by digital certificates, which makes it less suspicious for security products.
“We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft,” Mike Reavey, senior director of MSRC, explained.
“Specifically, our Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise, used that older algorithm and provided certificates with the ability to sign code, thus permitting code to be signed as if it came from Microsoft.”
In order to further mitigate the threat posed by Flame, Microsoft has issued a security advisory, highlighting the procedures customers must follow to make sure that pieces of software signed by rogue certificates are blocked.
In addition, a security update has been made available. This update automatically performs the aforementioned tasks.
The final measure taken by Microsoft refers to the fact that the Terminal Server Licensing Service has stopped providing certificates that allow for pieces of code to be signed.
Users are advised to apply the latest updates to make sure they're protected. Furthermore, they can check out the security advisory made available by the company.