Information Security News mailing list archives

Flame Windows Update Attack Could Have Been Repeated in 3 Days, Says Microsoft


From: InfoSec News <alerts () infosecnews org>
Date: Mon, 4 Mar 2013 00:42:42 -0600 (CST)

http://www.wired.com/threatlevel/2013/03/flame-windows-update-copycat/

By Kim Zetter
Threat Level
Wired.com
03.01.13

When the sophisticated state-sponsored espionage tool known as Flame was exposed last year, there was probably no one more concerned about the discovery than Microsoft, after realizing that the tool was signed with an unauthorized Microsoft certificate to verify its trustworthiness to victim machines. The attackers also hijacked a part of Windows Update to deliver it to targeted machines.

After examining the nature of the certificate attack and everything the malicious actors needed to know to pull it off, Microsoft engineers estimated that they had about twelve days to fix the weaknesses it exploited before other, less sophisticated actors would be able to repeat the attack on Windows machines.

But then Microsoft conducted some tests to recreate the steps that copycat attackers would have to follow and discovered that it would take just three days in fact to repeat the Windows Update and certificate portion of the attack in order to deliver other signed malware to victim machines.

“So that’s when we switched to Plan B,” says Mike Reavey, senior director of the Microsoft Security Response Center, speaking at the RSA Security Conference on Thursday.

[...]
