Microsoft updates certificate system to tackle Flame

Microsoft has updated its security certificate platform in response to the recent discovery of the Flame malware attack.

Microsoft said that it would be issuing the updates to prevent the use of unsigned security certificates which could be presented to users as authentic and issued by Microsoft. According to Microsoft, such techniques have been used by Flame's creators and could be adopted for other attacks.

"Our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks," Microsoft Security Response Center senior director Mike Reavey said in a blog posting.

"Therefore, to help protect both targeted customers and those that may be at risk in the future, we are sharing our discoveries and taking steps to mitigate the risk to customers."

Among the updates being issued by Microsoft are patches which will automatically block the certificates used in the Flame attack. Additionally, the company is removing the ability for the Terminal Server Licensing Service to issue certificates which allow for code to be signed.

"These actions will help ensure that any malware components that might have been produced by attackers using this method no longer have the ability to appear as if they were produced by Microsoft," Reavey explained.

Since its discovery in late May, the Flame malware has sent security vendors and researchers alike scrambling for answers and updates. With its massive payload and sophisticated attack techniques, Flame is widely believed to be an industrial espionage tool developed in a state-sponsored programme.

Though the risk of attack from the malware itself is seen as minimal for nearly all firms in Europe and North America, malware writers could mimic Flame's techniques for infecting systems and avoiding detection in future attacks.