The Microsoft Update You Need!

Posted on Jun 06, 2012

IT departments should install a Microsoft Security update to keep their users from being exploited by certificates used by the Flame malware attack against Iran’s computer networks.

The current update fixes vulnerabilities in Microsoft’s Terminal Server Licensing Service, which allowed software to be signed with certificates as if it were code coming from Microsoft. Flame is among the most complex pieces of malware ever seen.

IT security professionals in organizations should take this seriously and make sure their networks are up to date with Microsoft’s current update. Malware has come in many different forms; in 2012 alone we have witnessed a jump in attacks from hackers and cybercriminals taking advantage of vulnerable networks, further exposing security breaches at large corporations.

PCWorld.com talks more about the update from Microsoft Security: 

Businesses should install a Microsoft security update to avoid being duped by exploited certificates that were used as part of the Flame malware attack against targeted Iranian computer networks.

The update fixes a vulnerability in Microsoft’s Terminal Server Licensing Service that allowed signing of software with certificates as if it were code originating from Microsoft, the company said in a blog post.

The post, written by Mike Reavey, the senior director of Microsoft Trustworthy Computing, says an older cryptography algorithm proved exploitable and could be used to sign malicious code to certify that it came from Microsoft.

Terminal Services Licensing Service provided certificates that were permitted to sign code as if it came from Microsoft, the blog says. The certificates were intended to authorize Remote Desktop services securely.

The company issued a security advisory about how to correct the problem, and recommends that customers apply the update using update management software or Microsoft Update service.

“The update revokes the trust of the following intermediate [certificate authority] certificates: Microsoft Enforced Licensing Intermediate PCA (2 certificates), Microsoft Enforced Licensing Registration Authority CA (SHA1),” the advisory says.

An intermediate CA is a certificate authority that doesn’t have the trust of the device it is connecting to, but it does have the trust of a root CA that the device does trust. Chains of intermediate CAs can lead back to a trusted root CA, and devices attempt to follow those chains to establish authenticity of certificates.

Weaknesses in this chain-of-trust system were exploited repeatedly last year against SSL certificates used by browsers to authenticate websites. This led to repeated calls for a new authentication system.
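To confirm on a given Windows machine that the intermediate CAs named in the advisory are no longer trusted, an administrator can look for them in the Untrusted Certificates store. The following is an added example, not code from Microsoft or PCWorld; the function name `Test-RevokedLicensingCA` is hypothetical, and it assumes the update places the certificates in `Cert:\LocalMachine\Disallowed` and that each certificate's subject contains the name exactly as the advisory lists it.

```powershell
# Added example. Names and counts come from the advisory text quoted above.
# Assumption: each certificate's subject CN matches the advisory's wording.
$ExpectedUntrusted = [ordered]@{
    'Microsoft Enforced Licensing Intermediate PCA'                 = 2
    'Microsoft Enforced Licensing Registration Authority CA (SHA1)' = 1
}

function Test-RevokedLicensingCA {
    param(
        # Assumption: the machine-wide Untrusted Certificates store.
        [string]$StorePath = 'Cert:\LocalMachine\Disallowed'
    )

    # Read every certificate currently marked as untrusted on this machine.
    $untrusted = @(Get-ChildItem -Path $StorePath)

    foreach ($name in $ExpectedUntrusted.Keys) {
        # Match on the subject's common name; -like treats parentheses literally.
        $found = @($untrusted | Where-Object { $_.Subject -like "*CN=$name*" })

        New-Object PSObject -Property @{
            Name        = $name
            Expected    = $ExpectedUntrusted[$name]
            Found       = $found.Count
            # True only when at least the advisory's count is present.
            Untrusted   = ($found.Count -ge $ExpectedUntrusted[$name])
            Thumbprints = (($found | ForEach-Object { $_.Thumbprint }) -join ', ')
        }
    }
}

# Report per-CA status; any row with Untrusted = False means the update
# has not revoked trust for that CA on this machine.
Test-RevokedLicensingCA |
    Select-Object Name, Expected, Found, Untrusted, Thumbprints |
    Format-Table -AutoSize
```

A row where `Found` is lower than `Expected` indicates the machine still needs the update; compare the reported thumbprints against the values published in Microsoft's advisory rather than relying on the name match alone.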

Written by IT Management and Consulting Professionals at FedSolutions. Thanks for stopping by!