Microsoft Flame Patch

By | Jun 18, 2012

In response to recent reports of malware referred to as Flame, Microsoft has issued a security update. The emergency security update is an out-of-cycle release by the company to address attack vectors used by the newly discovered malware. It was first found on computers in the Middle East. Early reports of the infection suggest that it was designed for espionage. Most malware is designed for economic scams. This new strain is different, as its purpose is to steal and report user information and activities from infected computers.

According to reports by Brian Krebs of KrebsOnSecurity, Flame tries to disguise itself by using cryptographic signatures once used by Microsoft. Microsoft officials said in a blog post, "[The malware uses] Terminal Server Licensing Service, which allowed customers to authorize Remote Desktop services in their enterprise [...] thus permitting code to be signed as if it came from Microsoft." Security Advisory 2718704 is titled "Unauthorized Digital Certificates Could Allow Spoofing," as the certificates could be used to spoof content, or perform phishing or man-in-the-middle (MITM) attacks. The update affects all supported releases of Microsoft Windows.

A senior director at Microsoft said that the company released the advisory to prevent other attackers or malware from using the new malware's methods. The update, which blocks signing by the old crypto software, is available for download from Microsoft. The patch will appear in Windows Update and Automatic Update, and it will also be included in the next Patch Tuesday release.

Why Patching Matters

The power of the Internet and the multitude of news outlets work together to keep businesses and individuals informed of both outbreaks, and fixes to malware like Flame. The speed with which Microsoft and antivirus software producers released updates to combat such infections demonstrate the collective capacity to find, fix, and distribute "patches" to fix products that attacker can exploit.

While vendors respond quickly, it is critical for end-user companies to similarly respond quickly. Midsize business are becoming more favored targets to hackers. Their staff sizes are typically leaner, and statistics show that enterprise companies typically have stronger, more mature security programs.

The risks of not staying current with patching can have significant consequences, such as security breaches. An article on Midsize Insider discusses the importance of patch management as a critical operational discipline that every company of any size must perform, and perform consistently. Internet news services provide knowledge and increase awareness of current, actionable matters. Patching services exist for businesses that wish to outsource such activities. Businesses that outsource activities to cloud providers should understand and validate their practices and posture to assure that patching is performed in a timely manner.

Malware happens, but there are solutions to help manage the risks and keep business safe, protected and in continuous operation.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Security & Resiliency

IBM IT security expertise can help medium-sized businesses develop, implement and maintain comprehensive strategies to combat ever-evolving security threats without increasing complexity, cost, or resources required for administration.

Learn More »

More on This Topic

Three Security Concerns for 2016

By Allan Pratt on Dec 4, 2015
As we near the end of 2015, what will 2016 look like in the information security sector? Undoubtedly there be an increase in data breaches across all industries, but will businesses take the high road and inform their customers and ...