Flame spread via fake Microsoft security certificates
By Tony Bradley, PC World (US) | Jun 6, 2012
Andrew Storms, director of security operations for nCircle, declares, “The discovery of a bug that’s been used to circumvent Microsoft’s secure code certificate hierarchy is a major breach of trust, and it’s a big deal for every Microsoft user. It also underscores the delicate and problematic nature of the trust models behind every Internet transaction.”
The weak algorithm is a function of the Terminal Server Licensing Service, which allowed IT admins to authorize Remote Desktop services on Windows-based networks. The algorithm in question was used to generate security certificates with the ability to sign code so that it is accepted as legitimate Microsoft code.
Microsoft is taking steps to deal with this issue. First, it released the security advisory which explains the issue in detail and provides steps IT admins can use to block software signed by the rogue security certificates. Microsoft also released an update, which automatically implements those same steps to make it easier for customers to prevent malware using the spoofed certificates from slipping through.