[ISN] Flame Windows Update Attack Could Have Been Repeated in 3 Days, Says Microsoft

From: InfoSec News <alerts_at_private>
Date: Mon, 4 Mar 2013 00:42:42 -0600 (CST)

By Kim Zetter
Threat Level

When the sophisticated state-sponsored espionage tool known as Flame was 
exposed last year, there was probably no one more concerned about the discovery 
than Microsoft, after realizing that the tool was signed with an unauthorized 
Microsoft certificate to verify its trustworthiness to victim machines. The 
attackers also hijacked a part of Windows Update to deliver it to targeted 

After examining the nature of the certificate attack and everything the 
malicious actors needed to know to pull it off, Microsoft engineers estimated 
that they had about twelve days to fix the weaknesses it exploited before 
other, less sophisticated actors would be able to repeat the attack on Windows 

But then Microsoft conducted some tests to recreate the steps that copycat 
attackers would have to follow and discovered that it would take just three 
days in fact to repeat the Windows Update and certificate portion of the attack 
in order to deliver other signed malware to victim machines.

“So that’s when we switched to Plan B,” says Mike Reavey, senior director of 
the Microsoft Security Response Center, speaking at the RSA Security Conference 
on Thursday.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
Received on Sun Mar 03 2013 - 22:42:42 PST

This archive was generated by hypermail 2.2.0 : Sun Mar 03 2013 - 22:34:47 PST