Microsoft releases Automatic Updater and Fix It solution to counter Flame malware

As reported earlier in a post which pointed out the connection between Flame and Stuxnet, Flame has been named to be one of the most complicated malware ever written. Security analysts have also made clear that it might be a state-sponsored attack.

As Locutus reported earlier, some Gmail accounts have already been compromised, and now Google displays a warning to compromised users about “state-sponsored attacks”. The method of Flame’s attack might also remind us about the little and simple advice that many security experts, as well as bloggers, always give us: do not login with Administrative privileges for daily usage. According to Microsoft, a attacker who is able to exploit the Windows vulnerability will be able to attain all the privileges held by the active user. So, it’s time to understand what everyone really meant by “do not login as Administrator”.

From the time it was first detected, security firms have been working to provide updates and tools to remove Flame. Certain security vulnerabilities of computers running Windows operating system were being exploited by Flame. Flame injected itself into Windows PCs by spoofing a Microsoft Digital Certificate which enabled it to look legitimate to the operating system. It spread to the target systems through the Windows Update facility. To block the spread of Flame, by updating the non-legitimate certificate list automatically, Microsoft has now released an auto-update facility for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.

For more details about the auto-updater, visit Microsoft Support. Microsoft has also released a Fix It solution which “blocks the attack vector for this vulnerability”.

Related Posts

  • Irwin Mainway

    Windows XP’s Windows Update was updated in 2012, one of those 130 Security updates after SP3 release.
    Version of wuaueng.dll = 7.6.7600.256 same as Windows 7,

  • jivadas

    When I try to subscribe to a thread without commenting, I get an error message
    ¨NOT FOUND: Apologies…” This should be fixed to avoid clutter.

    xØx
    jd

  • newJason

    thanks for the info.

  • Godwin

    @Tenderfoot: As Kurt L hudson wrote in the Technet Blogs, updates for Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 to counter the threat posed by Flame will be released in August.
    Refer: http://blogs.technet.com/b/pki/archive/2012/06/12/rsa-keys-under-1024-bits-are-blocked.aspx

  • Tenderfoot

    “Microsoft has now released an auto-update facility for Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2.”

    So what to those of us with Windows XP do to fend off this little bugger?

    Perhaps it doesn’t affect XP Users???

    Hmmm, I’ll have to do some research on this one…