Monday, June 04, 2012

Security Advisory & Update Related to Flame

Microsoft discovered that some components of the Flame malware have been signed by certificates that allow software to appear as if it was produced by Microsoft.  Apparently there is an older cryptography algorithm that could be exploited and used to sign code to make it appear that it originated from Microsoft.

As a result, Microsoft released Security Advisory 2718704, Unauthorized Digital Certificates Could Allow Spoofing and a security update.  The security update revokes the trust of the following intermediate CA certificates:
  • Microsoft Enforced Licensing Intermediate PCA (2 certificates)
  • Microsoft Enforced Licensing Registration Authority CA (SHA1)

If you do not have automatic updating enabled, the update is available by checking for updates or can be downloaded from Microsoft KB Article 2718704.


References





Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: