[GLLUG] Flame malware has spoofed MS-signed certificates

natem at tir.com natem at tir.com
Tue Jun 5 16:14:40 EDT 2012


Heh, Patch Tuesday came a day early yesterday; Microsoft updated the revocation list.
--
nate


-----Original Message-----
>From: Clay Dowling <clay at lazarusid.com>
>Sent: Jun 5, 2012 12:41 PM
>To: linux-user at egr.msu.edu
>Subject: Re: [GLLUG] Flame malware has spoofed MS-signed certificates
>
>On 6/5/12 12:17 PM, Stan Mortel wrote:
>> I know lots of you still have to deal with Windows, and this could be
>> highly significant since it has the potential to make Microsoft Update
>> a malware delivery mechanism. A patch is available but not yet
>> included in the normal Windows Update process.
>From reading the security brief, and from discussions elsewhere, the
>problem isn't that the certificates are spoofed.  The certificates are
>100% legit, which is what makes them so useful.  They're just not
>certificates that were supposed to be used for app signing, and
>Microsoft failed to put them in the revocation list for valid app
>signatures.  If what I've read is correct, they're certs used by
>Terminal Server for some other purpose than app signing.
>
>I'm pretty sure there are lots of people at Microsoft auditing their
>systems looking for other important bits they've left lying around.  It
>can't make Microsoft happy to have their security update mechanism
>subverted to compromise security.  Although I've seen plenty of examples
>of that too.
>
>Clay