Microsoft released an emergency Windows Update over the weekend to address a certificate spoof issue. The company said on Sunday that its update for all supported versions of Windows is related to the recently discovered Flame malware, where the software giant says it discovered this particular malware was using a spoofed Microsoft certificate. "We have discovered through our analysis that some components of the malware [Flame] have been signed by certificates that allow software to appear as if it was produced by Microsoft," revealed Microsoft's Mike Reavey.
The digital certificate issue, stemming from a problem with Microsoft's Terminal Server Licensing Service cryptography algorithm, could make malware appear as if it was a genuine Microsoft software product. Microsoft's modern operating systems, like Windows 7 and Vista, use methods (like UAC) to present a software publishers details upon installation. Microsoft's emergency patch now prevents malware from appearing as if it was produced by Microsoft. The flaw also affects Windows Mobile 6.x and Windows Phone 7 / 7.5, but the company has not yet issued a fix for its mobile products.
It's not immediately clear who is responsible for the Flame malware, described as a complex cyberespionage trojan. Flame was discovered on thousands of machines across the Middle East recently, and can be up to 20MB in size. Stuxnet, a previous family of malware that targeted Iranian uranium enrichment facilities, appears to have involved the US goverment according to recent reports. Kaspersky, who discovered Flame, say it may take a year's worth of effort to understand the code behind this latest malware — due to its size and complexity.