Microsoft has issued a warning about malware known as “Flame,” along with an update designed to combat it. The virus spread by unauthorized use of one of Microsoft’s own digital security certificates. An unauthorized certificate could be used to spoof content.
Though the issue affects all supported releases of Windows, “Flame has been used in highly sophisticated and targeted attacks and, as a result, the vast majority of customers are not at risk,” according to an official Microsoft blog post. “That said, our investigation has discovered some techniques used by this malware that could also be leveraged by less sophisticated attackers to launch more widespread attacks.”
According to Microsoft:
“We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft. We identified that an older cryptography algorithm could be exploited and then be used to sign code as if it originated from Microsoft.”