Microsoft issues update to protect businesses from Flame malware

Businesses should install a Microsoft security update to avoid being duped by exploited certificates that were used as part of the Flame malware attack against targeted Iranian computer networks.

The update fixes a vulnerability in Microsoft‘s Terminal ServerLicensing Service that allowed signing of software with certificates asif it were code originating from Microsoft, the company said in a blogpost.

Thepost, written by Mike Reavey, the senior director ofMicrosoft Trustworthy Computing, says an older cryptography algorithmproved exploitable and could be used to sign malicious code to certifythat it came from Microsoft.

Terminal Services Licensing Service provided certificates that werepermitted to sign code as if it came from Microsoft, the blog says. Thecertificates were intended to authorize Remote Desktop servicessecurely.

The company issued a securityadvisory about how to correct the problem, and recommendsthat customers apply the update using update management software orMicrosoft Update service.

“The update revokes the trust of the following intermediate[certificate authority] certificates: Microsoft Enforced LicensingIntermediate PCA (2 certificates), Microsoft Enforced LicensingRegistration Authority CA (SHA1),” the advisory says.

An intermediate CA is a certificate authority that doesn’t have thetrust of the device it is connecting to, but it does have the trust ofa root CA that the device does trust. Chains of intermediate CAs canlead back to a trusted root CA, and devices attempt to follow thosechains to establish authenticity of certificates.

Weaknesses in this chain-of-trust system have were exploited repeatedlylast year against SSL certificates used by browsersto authenticatewebsites. This led to repeated calls for a new authentication system.

Tim Greene coversMicrosoft for Network World and writes the Mostly Microsoft blog. Reachhim at tgreene@nww.com and follow him on Twitter @Tim_Greene.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Related Tech News

Get ITBusiness Delivered

Our experienced team of journalists brings you engaging content targeted to IT professionals and line-of-business executives delivered directly to your inbox.