Microsoft "hardens" Windows Update against Flame
By Reuters and Nicole Kobie
Posted on 6 Jun 2012 at 08:26
Microsoft has issued an update after revealing that the Flame virus uses a faked Windows security certificate to fool PCs.
News of the Flame virus surfaced a week ago when cyber security experts described it as one of the most sophisticated pieces of malicious software discovered to date.
Microsoft said that the hackers who built Flame exploited a security certificate that allowed them to trick PCs into believing the malware was a legitimate piece of software from Microsoft. The software was then downloaded onto computers using Microsoft Update.
Over the weekend, Mike Reavey, senior director of the Microsoft Security Response Center, said in a blog post that Microsoft invalidated the unauthorised certificates, and said it would "harden" Windows Update as "a defence-in-depth precaution".
Microsoft said on its website that it was releasing software to fix the bug using its Windows Update system. "Our firm guidance is that customers should apply the update as soon as possible for one simple reason: the fact that malware can be created by attackers and made to look like it is from Microsoft would result in the malware being installed," Reavey said.
But security experts said machines infected with some advanced viruses may not benefit from that update because those viruses had disabled the Windows Update software.
That is partially what prompted the need to further boost the security of the Windows Update feature, they said.
"If Microsoft is going to 'harden' the update feature, they must also prevent writers of malicious software from disabling the updating process on local computers," said John Bumgarner, chief technology officer of the US Cyber Consequences Unit, a non-profit think-tank that studies the impact of cyber warfare.
Reavey said that Microsoft was taking the flaw in Windows seriously because the bug could be exploited by developers of less sophisticated viruses to launch more widespread attacks. Microsoft declined to say whether such attacks have already taken place.
Security experts are still investigating the virus, which they believe was released specifically to target computers in Iran and across the Middle East, similar to the Stuxnet worm that attacked Iran's nuclear program in 2010.
Security experts said Flame likely only infected several thousand computers and was targeted at entities that would be of interest to nations involved in espionage.