Microsoft Aims to Harden Windows Update to Fight "Flame"
June 6, 2012 2:24 PM
Fighting copycats variants of a piece of escaped government malware is no easy task
In the Middle East, information technology experts are grappling with a very persistent piece of malware dubbed Flame. Flame is slightly older than the much-discussed Stuxnet worm. Stuxnet is a researcher-named escaped variant of "The Bug", a series of worms used in
an elaborate U.S. and Israeli cyber-sabotage program
code-named "Olympics Games". That effort was aimed (successfully) at
destroying Iranian nuclear weapons fuel enrichment centrifuges
I. Flame Forces Patch
Likewise, Flame is suspected to be written by the U.S. to target Iranian nuclear efforts or possibly Al Qaeda. However, its goals appeared to be aimed at reconnaissance rather than sabotage.
Regardless of the purpose, it is less subtle than "The Bug" variants, and while confined largely to the Middle East has been a top cleanup priority for Microsoft Corp. (
Rooting out the Flame worm is a top priority for Microsoft. [Image Source: Krishnan Vasuvedan]
Microsoft Security Response Center
blog, Microsoft laid out its plans to slay Flame and harden its
Windows Update (WU) process
Microsoft reports that Flame spread itself by using cryptography weaknesses in an older version of Microsoft's certification process. That allowed the software to pose as trusted signed software from Microsoft and install without warning the user.
Flame has narrowly targeted the Middle East, particularly Iran. [Image Source: Kapersky Labs]
In its blog, Microsoft warns, "As many reports assert, Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk.... That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks."
The blog goes on to reveal the company's current fix to the problem, outlining:
First, today we released a
outlining steps our customers can take to block software signed by these unauthorized certificates.
• Second, we released an update that automatically takes this step for our customers.
• Third, the Terminal Server Licensing Service no longer issues certificates that allow code to be signed.
II. Malicious Updates are a Harder Fix
But Flame illustrated deeper underlying security issues for Windows, in that Microsoft feared that copycats could tamper with the Windows Update process to prevent its potential removal. Some malware authors have been finding ways to literally "turn off" Windows Update, preventing fixes and patches from reach affected machines. And as Microsoft notes in its blog update, sophisticated attackers could even leverage Windows Update to deliver malware masquerading as signed Microsoft updates.
Malware writers could potentially disguise their malfeasant wares as Windows Updates.
The company writes that it plans on "hardening" WU, commenting:
To increase protection for customers, the next action of our mitigation strategy is to further harden Windows Update as a defense-in-depth precaution. We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment. We will provide more information on the timing of the additional hardening to Windows Update in the near future.
In other words, while sophisticated state-written malware like Flame and Stuxnet may have created headaches, both diplomatically and technologically, they served as a "full disclosure" warning of sorts to Microsoft. These attacks have given it the knowledge and motivation to patch some gaping holes that might have otherwise gone unnoticed and quietly exploited for some time -- or at least that's the glass half-full way of looking at the situation.
"It seems as though my state-funded math degree has failed me. Let the lashings commence." -- DailyTech Editor-in-Chief Kristopher Kubicki
NYT: President Obama Authorized Stuxnet Attack on Iran
June 1, 2012, 1:54 PM
Windows 8 Looks to Ditch the "Zombie" Security Restarts of Windows 7
November 15, 2011, 4:38 PM
Israel Suspected in Worm Sabotage of Iran's First Nuclear Plant
September 27, 2010, 10:45 AM
Nintendo Announced Next Game Machine to be Portable “handheld”.
October 21, 2016, 5:00 AM
Do you hate to do yard work?
October 20, 2016, 5:00 AM
Smart Technology Mood Collar To Understand Your Dog’s Emotions
October 17, 2016, 5:00 AM
iBeat: A heart monitoring smartwatch that can save lives by Monique C. Bethell, Ph.D
October 8, 2016, 10:25 AM
How Difficult it is to Buy Electronics
October 7, 2016, 6:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Most Popular Articles
Problems with Windows 10 – Update Now
October 15, 2016, 7:30 AM
End of the Road for the Audi R8 e-tron
October 15, 2016, 5:00 AM
Is Razer Blade Stealth Laptop For You?
October 16, 2016, 5:00 AM
Bluetooth Saves Lives
October 16, 2016, 7:05 AM
IBM – Cloud Object Storage Cheaper than Amazon S3
October 14, 2016, 5:00 AM
Latest Blog Posts
Nasa Flies Drones at Nevada Airport
Oct 21, 2016, 8:21 AM
T-Mobile Data Problems
Oct 20, 2016, 10:17 AM
Annoying Apple Watch Problems and How to Fix Them
Oct 20, 2016, 5:00 AM
Your Mail May Soon Be Delivered By Robot
Oct 19, 2016, 9:34 AM
2018 Jeep Wrangler Prototype Sells At Junkyard
Oct 18, 2016, 5:00 AM
Samsung Shines with Gold Edition Tablet
Oct 17, 2016, 9:24 AM
Tesla Hints Mysterious Product Debut for October 17th
Oct 16, 2016, 10:14 AM
Samsung Galaxy Note 7 Phones on US flights
Oct 15, 2016, 5:00 AM
Comcast Fined $2.3 Million For Unconfirmed Services Charged To Customers
Oct 14, 2016, 5:00 AM
“American singer / songwriter “Bob Dylan is awarded 2016 Nobel Prize in Literature.
Oct 13, 2016, 10:33 AM
Battery Defect in Medical Device
Oct 12, 2016, 5:00 AM
IBM Bolsters Social Services Sector With Technology Grants
Oct 11, 2016, 5:00 AM
Scientists Sound Alarm on Climate but US Still Toys With Skepticism
Oct 10, 2016, 5:00 AM
IMEX America Trade Show
Oct 9, 2016, 10:00 AM
Phone Wars – Google VS Samsung Free Gifts on Purchase
Oct 6, 2016, 5:00 AM
Member of Parliament’s opposition car exploded in Tbilist capital of Georgia
Oct 5, 2016, 2:52 PM
US Government Cuts Cord On Internet Oversight
Oct 3, 2016, 10:34 AM
Are farm children less likely to have allergies and asthma in adulthood?
Sep 30, 2016, 5:00 AM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information