Security 10808 Published by

Computerworld reports that Microsoft announced it will issue an update to its Windows Update to prevent copy-cat hackers from duplicating Flame's feat of infecting fully-patched PCs by faking the service.



On Sunday, Microsoft acknowledged that Flame -- the super-espionage toolkit that has infected Windows PCs throughout the Middle East, but appears to have been aimed at Iran in particular -- used fraudulent code-signing certificates generated by abusing the company's Terminal Services licensing certificate authority (CA), which is normally used by enterprises to authorize remote desktop services and sessions.

Later, Microsoft also confirmed that those certificates were used to sign bogus updates that were force-fed uninfected PCs by a Flame-compromised computer on the same network.
  Microsoft will update Windows Update to stymie Flame-like attacks