Microsoft has pushed out a security update for Windows to seal a hole exploited by the sophisticated Flame malware.
The update prevents Flame or other bits of malware from spoofing Microsoft certificates to phish, spoof content, or perform man-in-the-middle attacks, Microsoft said on Sunday.
By cracking an old cryptography algorithm, Flame can appear to be a legitimate piece of Windows code, Mike Reavey, a senior director for Microsoft Trustworthy Computing, wrote on Sunday.
The update prevents this exploit by revoking the trust of the “Microsoft Enforced Licensing Intermediate PCA” and the “Microsoft Enforced Licensing Registration Authority CA (SHA1)”.
The Flame virus was identified in late May. It was found on computers across the Middle East, with a particular emphasis on Iranian computers. It is so sophisticated that security researchers believe it may be state-sponsored, putting it into the same league as the notorious Stuxnet virus, which disrupted operations at an Iranian nuclear plant.
“Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk,” Reavey wrote. “Additionally, most antivirus products will detect and remove this malware. That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks.”
Microsoft published full technical details of how it detected and worked to alleviate the Flame problems on its Security Research & Defense blog.