Microsoft Aims to Harden Windows Update to Fight "Flame"
June 6, 2012 2:24 PM
comment(s) - last by
Fighting copycats variants of a piece of escaped government malware is no easy task
In the Middle East, information technology experts are grappling with a very persistent piece of malware dubbed Flame. Flame is slightly older than the much-discussed Stuxnet worm. Stuxnet is a researcher-named escaped variant of "The Bug", a series of worms used in
an elaborate U.S. and Israeli cyber-sabotage program
code-named "Olympics Games". That effort was aimed (successfully) at
destroying Iranian nuclear weapons fuel enrichment centrifuges
I. Flame Forces Patch
Likewise, Flame is suspected to be written by the U.S. to target Iranian nuclear efforts or possibly Al Qaeda. However, its goals appeared to be aimed at reconnaissance rather than sabotage.
Regardless of the purpose, it is less subtle than "The Bug" variants, and while confined largely to the Middle East has been a top cleanup priority for Microsoft Corp. (
Rooting out the Flame worm is a top priority for Microsoft. [Image Source: Krishnan Vasuvedan]
Microsoft Security Response Center
blog, Microsoft laid out its plans to slay Flame and harden its
Windows Update (WU) process
Microsoft reports that Flame spread itself by using cryptography weaknesses in an older version of Microsoft's certification process. That allowed the software to pose as trusted signed software from Microsoft and install without warning the user.
Flame has narrowly targeted the Middle East, particularly Iran. [Image Source: Kapersky Labs]
In its blog, Microsoft warns, "As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk.... That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks."
The blog goes on to reveal the company's current fix to the problem, outlining:
First, today we released a
outlining steps our customers can take to block software signed by these unauthorized certificates.
• Second, we released an update that automatically takes this step for our customers.
• Third, the Terminal Server Licensing Service no longer issues certificates that allow code to be signed.
II. Malicious Updates are a Harder Fix
But Flame illustrated deeper underlying security issues for Windows, in that Microsoft feared that copycats could tamper with the Windows Update process to prevent its potential removal. Some malware authors have been finding ways to literally "turn off" Windows Update, preventing fixes and patches from reach affected machines. And as Microsoft notes in its blog update, sophisticated attackers could even leverage Windows Update to deliver malware masquerading as signed Microsoft updates.
Malware writers could potentially disguise their malfeasant wares as Windows Updates.
The company writes that it plans on "hardening" WU, commenting:
To increase protection for customers, the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution. We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment. We will provide more information on the timing of the additional hardening to Windows Update in the near future.
In other words, while sophisticated state-written malware like Flame and Stuxnet may have created headaches, both diplomatically and technologically, they served as a "full disclosure" warning of sorts to Microsoft. These attacks have given it the knowledge and motivation to patch some gaping holes that might have otherwise gone unnoticed and quietly exploited for some time -- or at least that's the glass half-full way of looking at the situation.
This article is over a month old, voting and posting comments is disabled
RE: School for Jason Mick ?
6/6/2012 5:31:08 PM
Don't get me wrong, I think people can be too picky about some rules - writers should have the freedom to violate some "standards" like starting a sentence with "And..." or inserting hyphens or other symbols to help convey complex meaning in non-standard ways. However, there is a significant difference between bending the rules on purpose and making simple mistakes that can change the meaning being conveyed. Those "mundane" things are there for a reason - so other people can understand what you're writing.
I find it extremely disappointing that this site seems to care so little. You apparently don't think it is very important; and Jason certainly doesn't judging by his writing. Perhaps DT should focus on doing video-blogs since you won't have to actually worry about spelling. The grammatical mistakes can be ameliorated by the tone and rhythm of your speech. Of course, someone will probably get lazy with that at some point and start pronouncing words wrong. When people complain, you can always say how "mundane" the rules of pronunciation are...
How about trying to shoot for higher standards instead of accepting the tyranny of the lowest common denominator? I am no writer - nor do I claim to be - but I at least try. This is part of your job, try and do it well.
RE: School for Jason Mick ?
6/7/2012 9:20:09 AM
so people should write in their mother tongue and then expect the reader to use babblefish or something like it? i would like that a little bit more of the people who were born by luck (or should say accident ?) in an anglo saxon speaking country would show some tolerance towards the people that don't have english as their mother tongue. makes me almost want chinese to become the international language and reduce 99.5 % of US citizens to international near illiterate state (just to make them see the stupidity of their arrogance). attacks on people their language skills is something i only see on english forums, never (well, at least not that i have seen) on german, dutch or french forums.
"We shipped it on Saturday. Then on Sunday, we rested." -- Steve Jobs on the iPad launch
NYT: President Obama Authorized Stuxnet Attack on Iran
June 1, 2012, 1:54 PM
Windows 8 Looks to Ditch the "Zombie" Security Restarts of Windows 7
November 15, 2011, 4:38 PM
Israel Suspected in Worm Sabotage of Iran's First Nuclear Plant
September 27, 2010, 10:45 AM
UK Teachers Want Parents to Cut-Off Their Children's Internet, Tablet Use at Night
April 17, 2014, 3:40 PM
Quick Note: Chrome Remote Desktop App for Android Launches
April 17, 2014, 9:26 AM
Report: Apple Plans to Integrate Shazam Song Finding Functionality into Siri
April 17, 2014, 9:15 AM
Bring Your Own Battery: LG Isai FL Likely is G3, First U.S. Quad-HD Android
April 16, 2014, 7:38 PM
Project Moonshine: Google's Plan to Flatten Android App Icons Leaks
April 16, 2014, 1:46 PM
Apple, Microsoft, and Major U.S. Wireless Carriers Embrace Smartphone "Kill Switch"
April 16, 2014, 10:08 AM
Most Popular Articles
Cities to Carpoolers: Sharing Your Car is Illegal, We Will Seize Your Cars
April 4, 2014, 9:17 PM
Taiwan's AOU Claims to Have World's Highest-Res. OLED Smartphone Display
April 11, 2014, 1:44 PM
iPad Exploiter is Freed by Federal Appeals Court
April 11, 2014, 7:40 PM
It's Very Likely Neanderthals and Humans Had Sex, Produced Offspring
April 10, 2014, 8:40 PM
A-10 Warthog May Live to Fight Another Day with Support from Lawmakers
April 14, 2014, 9:41 AM
Latest Blog Posts
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
Global Cyber Espionage Concerns Reveal Growing Cyber Armies
Nov 29, 2013, 11:04 AM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information