|
Last week's Flame virus was able to install itself thanks to apreviously undisclosed flaw in Windows, Microsoft says. Monday in a blog, Mike Reavey, a senior director with Microsoft'sSecurity Response Center, warned that the "Flame" malware which recently attacked systems across theMiddle East exploits a flaw in Windows . The good news is that Flame was used in highly sophisticated andtargeted attacks, so the vast majority of Microsoft customersshould not be at risk. Most antivirus products will now detect andremove this malware if detected, but Microsoft has also released a Security Advisory outlining steps customers need to take, and an update thatautomatically takes the steps for customers who don't want to takethe manual route. "We have discovered through our analysis that some components ofthe malware have been signed by certificates that allow software toappear as if it was produced by Microsoft," Reavey reports. "Weidentified that an older cryptography algorithm could be exploitedand then be used to sign code as if it originated from Microsoft." "Specifically, our Terminal Server Licensing Service, which allowedcustomers to authorize Remote Desktop services in their enterprise,used that older algorithm and provided certificates with theability to sign code, thus permitting code to be signed as if itcame from Microsoft," he adds. In addition to providing manual and automatic steps for blockingsoftware signed by the unauthorized certificates, the TerminalServer Licensing Service no longer issues certificates that allowcode to be signed. These three actions should help prevent othermalware components using this method to no longer have the abilityto appear as if they were produced by Microsoft. That said, hackers may already be taking note of the techniquesused by Flame and launch more widespread attacks with otherviruses, relying on Microsoft customers who will ignore theSecurity Advisory and automatic update. It's also possible thatsystems are already infected thanks to the same Windows flaw andremain undetected by end-users. Reavey said that Microsoftcontinues to investigate the issue and will take any appropriateactions to help protect its customers. News of the Flame virus surfaced last week . Researches said that technical evidence suggested it was built onbehalf of the same nation(s) that commissioned the Stuxnet wormthat attacked Iran's nuclear program back in 2010. Flame was ableto install itself on computers by tricking Windows into believingit was a legitimate program from Microsoft, as Reavey's blogindicates. UPDATE : Security firm Kaspersky Lab goes into great detail about Flame here . I am an expert from laser-beautymachine.com, while we provides the quality product, such as China Laser Beauty Machine , Liposuction Slimming Machine Manufacturer, Cavitation Beauty Machine,and more.
Related Articles -
China Laser Beauty Machine, Liposuction Slimming Machine Manufacturer,
|
