Microsoft has released a rare out-of-cycle security advisory for the Flame malware.
Flame — together with a letter from a reader — highlights possible cracks in our trust of Internet security certificates.
Flame malware triggers a preventive update
Last week, there were published reports that the Flame virus might be cyber warfare targeted at Iran’s nuclear operations — and that the source of the attack was the United States. A New York Times article pointed the finger at both the Bush and Obama administrations — along with the Israelis — as the source for Flame’s progenitor, the Stuxnet worm. The origins of Flame are still under investigation, according to the story. But there is speculation that Stuxnet made it out into the wild and changed into Flame.
It’s Flame that has triggered a rare out-of-cycle MS Security Advisory update, released June 3. KB 2718704 is for all supported versions of Windows, including the just-released Windows 8 Release Preview. In the advisory, Microsoft notes that there are “active attacks using unauthorized digital certificates.” You can find more on this threat in a June 3 MS Security Research & Defense blog post.
A post on the didierstevens.com site has nice before-and-after screenshots of the signature revoked by the update.
Attackers discovered that they could create bogus certificates and distribute them through Microsoft’s Terminal Services Licensing Service, which MS uses for issuing some enterprise certificates. Terminal Services is a Microsoft technology that allows servers to share computing sessions as if they were desktop PCs; it also allows multiple users to access individual desktops.
What to do: Install KB 2718704 as soon as possible. Vista and Windows 7 will not need rebooting; Windows XP, however, will.