Wednesday, June 13, 2012

Microsoft Douses Flame

Today the Microsoft Security Response Center announced a revamp of the certificate management for Windows. This is in response to the Flame exploit, the details of which unfolded last week. The Flame exploit was reported to use a flaw in the MD5 hashing algorithm which allowed for "collisions" between different hash values, which is supposed to be impossible.

The creators of Flame (widely rumored to be the US government) used the exploit to poison the Windows Update mechanism and force infected machines to install more malware using Windows Update. It has been rumored to target machines in the Middle East.

From the Microsoft Blog:
This new automatic updater feature provides a mechanism that allows Windows to specifically flag certificates as untrusted. With this new feature, Windows will check daily for updated information about certificates that are no longer trustworthy. In the past, movement of certificates to the untrusted store required a manual update. This new automatic update mechanism, which relies on a list of untrusted certificates known as a Disallowed Certificate Trust List (CTL), is detailed on the PKI blog. We encourage all customers to install this new feature immediately.

No comments:

Post a Comment