Microsoft Will Strengthen Windows Update To Repel Flame

Emergency patch was just the first step in stopping further Flame-type attacks

Microsoft plans to beef up security for its Windows Update process in response to the Flame attacks abuse of its digital certificates.
Hardening Windows Update is Microsofts next step in mitigating Flame and Flame-inspired attacks after
the emergency patch for Windows issued yesterday by the software giant
that revokes phony digital certificates used in the Flame targeted cyberespionage attacks.
[ Mostly overshadowed by this weeks discovery of Flame, the massive cyberespionage toolkit, was how Irans Computer Emergency Response Team (CERT) took an unprecedented lead role in disseminating information on the infection worldwide and released a removal tool. See
Iranian CERT Takes Center Stage With Flame
. ]
Mike Reavey, senior director of the Microsoft Security Response Team, called
Security Advisory 2718704
the first of several steps in a phased mitigation strategy to prevent further attacks from unauthorized Microsoft digital certificates. The patch basically killed the certs used by Flame and was just the first step the software giant is taking to snuff out copycat attacks.
Our firm guidance is that customers should apply the update as soon as possible for one simple reason: the fact that malware can be created by attackers and made to look like it is from Microsoft would result in the malware being installed. Removing these certificates is the best first step and the update released yesterday prevents these unauthorized certificates from being used to attack systems running Windows software, Reavey said in
a blog post late yesterday
.
He also revealed that Flame waged a collision attack against Microsoft Terminal Services encryption algorithm, but noted that attackers still could falsely sign code without performing a collision attack. This is an avenue for compromise that may be used by additional attackers on customers not originally the focus of the Flame malware, Reavey said. In all cases, Windows Update can only be spoofed with an unauthorized certificate combined with a man-in-the-middle attack.
Reavey didnt provide details on the update to Windows Update, but said that Microsoft will harden Windows Update to better protect against this type of attack. It will hold off on issuing any changes to Windows Update until after users have applied the new patch.
Meanwhile, endpoint security firm Bit9 says its whitelisting technology identified and stopped Flame multiple times at a customers site in the Middle East. The attack went on for several months, starting in October 2011 through April of this year, and Bit9 has confirmed it was Flame now that details have been revealed about the cyberespionage campaign.
The attack specifically targeted one machine at the organization -- which Bit9 declined to name -- and, at one point, tried to attack a vulnerability in Windows 10 days in a row, between 5:54 a.m. and 6:03 a.m., local time.
The targeted organization was definitely in the crosshair of the Flame attackers, he says. I dont think this was an inadvertent attack at all ... It was very targeted to one machine over an extended period of time at a specific time of day, says Harry Sverdlove, CTO at Bit9.
Flame never got to actually drop its payload on the targeted machine and set up a connection to the command-and-control infrastructure in the attack attempt, however, he says.
Have a comment on this story? Please click Add Your Comment below. If youd like to contact
Dark Readings
editors directly,
send us a message
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Microsoft Will Strengthen Windows Update To Repel Flame