It seems like the malware called "Flame" has managed to obtain a certificate which looks like it is a genuine one from Microsoft. What happens is that the malware will try to do a man-in-the-middle attack. It will trick Windows into thinking it is receiving a legit update from Microsoft, and install it. A patch is already out which removes the certificate from the list of trusted ones in Windows. The update is called "KB2718704" and everyone should install it eminently. It is available through the Windows Update and Microsoft's website. Please only install this update before installing any other update.
There is no need to panic, but you should update as fast as possible because this is a pretty big security hole.
From F-Secure's article:
>I guess the good news is that this wasn't done by
cyber criminals interested in financial benefit. They could have
infected millions of computers. Instead, this technique has been used in
targeted attacks, most likely launched by a Western intelligence
agency.
Most info can be found here: F-Secure's website
No comments:
Post a Comment