sQuo Posted June 4, 2012 Share Posted June 4, 2012 This is the hidden content, please Sign In or Sign Up Microsoft released an emergency Windows This is the hidden content, please Sign In or Sign Up on Sunday after revealing that one of its trusted digital signatures was being abused to certify the validity of the Flame malware that has infected computers in Iran and other Middle Eastern Countries. The patch revoked three intermediate Microsoft certificates used in active attacks to “spoof content, perform phishing attacks, or perform man-in-the-middle attacks”.Microsoft also killed off certificates that were usable for code signing via Microsoft’s Terminal Services licensing certification authority (CA) that ultimately “chained up” to the Microsoft Root Authority.The authority issued certificates for users to authorise Remote Desktop services in their enterprises. The Microsoft blog post explains that a vulnerability in an old cryptography algorithm is exploited by some elements of Flame to make them appear as if they originated from Microsoft. Most systems around the world accept officially-signed Microsoft code as safe by default, so the malware would enter unnoticed. Windows users are urged to install the new KB2718704 patch. If you enabled Automatic Updates, the patch should automatically install. If not, you can open Windows Update on your PC and manually install it. Since the virus is highly targeted and can be caught by most antivirus programs, the "vast majority of customers are not at risk," according to Microsoft Link to comment Share on other sites More sharing options...
dR.fAn0 Posted June 4, 2012 Share Posted June 4, 2012 Thanks for the info . . . :goofy: Link to comment Share on other sites More sharing options...
Recommended Posts