Barney's Blog

Blog archive

That Microsoft Certificate Is Bogus, Man

The Flame virus may not have spread like wildfire, but it packed a little heat, nonetheless. This thing never would have got around at all were it not for fake security certificates purporting to be from Microsoft. Using these, the malware was able to sign on as if it were an actual honest-to-goodness Microsoft product.

It appears the vulnerability is not widespread, is limited to older revs of Terminal Services and only cracks unpatched systems.

Microsoft's advice? Get patched! If you have automatic updates, you are probably already all set. More on this will be learned and perhaps more patch code released next Tuesday.
The Flame virus could be real bad news in the long run as some security folks think it was built with spying and international troublemaking in mind. Like some hunks of malware, this could stick around in various forms for years to come.

Posted by Doug Barney on 06/08/2012 at 1:19 PM


Featured

  • Microsoft Warns IT Pros on Windows Netlogon Fix Coming Next Month

    Microsoft on Thursday issued a reminder to organizations to ensure that their systems are properly patched for a "Critical"-rated Windows Netlogon vulnerability before next month's "update Tuesday" patch distribution arrives.

  • Microsoft Nudging Skype for Business Users to Teams

    Microsoft on Thursday announced some perks and prods for Skype for Business unified communications users, with the aim of moving them to the Microsoft Teams collaboration service instead.

  • How To Improve Windows 10's Sound and Video Quality

    Windows 10 comes with built-in tools that can help users get the most out of their sound and video hardware.

  • Microsoft Offers More 'Solorigate' Advice Using Microsoft 365 Defender Tools

    Microsoft issued yet another article with advice on how to use its Microsoft 365 Defender suite of tools to protect against "Solorigate" advanced persistent threat types of attacks in a Thursday announcement.

comments powered by Disqus