[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Flame Windows Update Attack Could Have Been Repeated in 3 Days, Says Microsoft



http://www.wired.com/threatlevel/2013/03/flame-windows-update-copycat/

By Kim Zetter
Threat Level
Wired.com
03.01.13

When the sophisticated state-sponsored espionage tool known as Flame was exposed last year, there was probably no one more concerned about the discovery than Microsoft, after realizing that the tool was signed with an unauthorized Microsoft certificate to verify its trustworthiness to victim machines. The attackers also hijacked a part of Windows Update to deliver it to targeted machines.

After examining the nature of the certificate attack and everything the malicious actors needed to know to pull it off, Microsoft engineers estimated that they had about twelve days to fix the weaknesses it exploited before other, less sophisticated actors would be able to repeat the attack on Windows machines.

But then Microsoft conducted some tests to recreate the steps that copycat attackers would have to follow and discovered that it would take just three days in fact to repeat the Windows Update and certificate portion of the attack in order to deliver other signed malware to victim machines.

âSo thatâs when we switched to Plan B,â says Mike Reavey, senior director of the Microsoft Security Response Center, speaking at the RSA Security Conference on Thursday.

[...]

______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org