
Microsoft to harden Windows Update in overhaul to address weaknesses

The overhaul to Windows Update is to follow Microsoft’s emergency update, revoking three fraudulent certificates that could be used in broad attacks.

Microsoft is planning an extensive overhaul to Windows Update after researchers determined attackers using the Flame malware toolkit conducted a man-in-the-middle attack targeting the Microsoft update mechanism.


The information came one day after Microsoft issued an emergency patch revoking three fraudulent digital certificates issued by the Microsoft Certificate Authority. The fraudulent certificates enabled the attackers to make software appear to come from Microsoft.

The overhaul to bolster Windows Update is expected to take place once the software giant determines that an emergency patch is broadly deployed, said Mike Reavey, senior director of the Microsoft Security Response Center. In a blog post updating Windows users, Reavey said more information would be provided on the timing of the additional hardening.

“Our firm guidance is that customers should apply the update as soon as possible for one simple reason: The fact that malware can be created by attackers and made to look like it is from Microsoft would result in the malware being installed,” Reavey wrote. “Removing these certificates is the best first step and the update released yesterday prevents these unauthorized certificates from being used to attack systems running Windows software.”

Reavey said the attackers appeared to use a cryptographic collision attack against the weakened MD5 hash algorithm. A collision against MD5 was first demonstrated by researchers in 2005. MD5 and SHA-1 are being replaced by the SHA-2 family of hash functions in most applications.
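The two defensive measures described above, revoking specific certificates and refusing signatures built on MD5 or SHA-1, can be expressed as a single acceptance policy for an update signer. The following Go program is an added illustration, not Microsoft's code or anything from the article: it builds a constructed root CA and code-signing leaf in memory (ECDSA P-256, SHA-256), then applies a hypothetical VerifyUpdateSigner policy that requires a trusted chain, rejects any non-root certificate whose signature uses MD2, MD5 or SHA-1, and rejects any certificate whose SHA-256 thumbprint is on a disallowed list. Pushing the signer's thumbprint onto that list models the effect of the emergency update.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"fmt"
	"math/big"
	"time"
)

// weakSigAlgs are signature algorithms whose hash is MD2, MD5 or SHA-1.
var weakSigAlgs = map[x509.SignatureAlgorithm]bool{
	x509.MD2WithRSA:    true,
	x509.MD5WithRSA:    true,
	x509.SHA1WithRSA:   true,
	x509.DSAWithSHA1:   true,
	x509.ECDSAWithSHA1: true,
}

// SignatureHashIsWeak reports whether alg relies on MD2, MD5 or SHA-1.
func SignatureHashIsWeak(alg x509.SignatureAlgorithm) bool { return weakSigAlgs[alg] }

// Thumbprint is the SHA-256 fingerprint of the DER certificate; it is the key
// used for the disallowed-certificate list in this example.
func Thumbprint(c *x509.Certificate) string {
	sum := sha256.Sum256(c.Raw)
	return hex.EncodeToString(sum[:])
}

// VerifyUpdateSigner is a hypothetical policy (not Microsoft's): the leaf must
// chain to a trusted root for code signing, no certificate in the chain may be
// on the disallowed list, and every signature below the root must use SHA-2.
// Go's own Verify already refuses MD5/SHA-1 signatures; the explicit check
// keeps the policy visible and independent of that default.
func VerifyUpdateSigner(leaf *x509.Certificate, roots *x509.CertPool, disallowed map[string]bool) error {
	chains, err := leaf.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	})
	if err != nil {
		return fmt.Errorf("chain building failed: %w", err)
	}
	chain := chains[0] // leaf first, root last
	for i, c := range chain {
		if disallowed[Thumbprint(c)] {
			return fmt.Errorf("%q is on the disallowed list", c.Subject.CommonName)
		}
		// The root's self-signature carries no trust; every other link must be SHA-2.
		if i < len(chain)-1 && SignatureHashIsWeak(c.SignatureAlgorithm) {
			return fmt.Errorf("%q signed with weak algorithm %v", c.Subject.CommonName, c.SignatureAlgorithm)
		}
	}
	return nil
}

// BuildDemoChain creates a constructed root CA and a code-signing leaf it
// issued, entirely in memory. Both are ECDSA P-256 with SHA-256 signatures.
func BuildDemoChain() (*x509.Certificate, *x509.Certificate, error) {
	now := time.Now()
	caKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	caTmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "Constructed Update Root CA"},
		NotBefore:             now.Add(-time.Hour),
		NotAfter:              now.Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	caDER, err := x509.CreateCertificate(rand.Reader, caTmpl, caTmpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	root, err := x509.ParseCertificate(caDER)
	if err != nil {
		return nil, nil, err
	}
	leafKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	leafTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(2),
		Subject:      pkix.Name{CommonName: "Constructed Update Signer"},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	leafDER, err := x509.CreateCertificate(rand.Reader, leafTmpl, root, &leafKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	leaf, err := x509.ParseCertificate(leafDER)
	return leaf, root, err
}

func main() {
	leaf, root, err := BuildDemoChain()
	if err != nil {
		panic(err)
	}
	roots := x509.NewCertPool()
	roots.AddCert(root)
	fmt.Println("fresh chain:", VerifyUpdateSigner(leaf, roots, nil))
	// Model the emergency update: the signer's thumbprint joins the disallowed list.
	disallowed := map[string]bool{Thumbprint(leaf): true}
	fmt.Println("after revocation:", VerifyUpdateSigner(leaf, roots, disallowed))
	fmt.Println("MD5WithRSA weak:", SignatureHashIsWeak(x509.MD5WithRSA))
}
```

The disallowed list is keyed by thumbprint rather than by subject name because a forged certificate can carry any name it likes; the thumbprint binds the entry to the exact DER bytes that were observed.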

Flame module spoofed Windows Update
The Flame attackers appear to have used the fraudulent digital certificates in a man-in-the-middle attack targeting Microsoft Update or Windows Server Update Services (WSUS), said Mikko Hypponen, chief research officer of Finnish antivirus maker F-Secure Corp. Once successfully targeted, the attacker dropped a malicious file on the victim’s machine, Hypponen said.

“Most likely this function was used to spread further inside an organization or to drop the initial infection on a specific system,” Hypponen wrote on the F-Secure blog describing the likely attack technique.

The Flame malware attackers targeted fewer than 200 individuals in Iran and other countries in the Middle East and North Africa. The attacks are believed to be part of a nation-state-sponsored cyberespionage campaign. The targeted attacks are not a serious threat to businesses, but Microsoft warned that the fraudulent digital certificates could be used by less-sophisticated attackers in a financially motivated malware campaign.

“Having a Microsoft code-signing certificate is the Holy Grail of malware writers,” Hypponen wrote. “I guess the good news is this wasn't done by cybercriminals interested in financial benefit.”

Symantec also issued extensive analysis of Flame targeting Windows Update. It said the Windows Update attack enables the installation of a program called Tumbler. Tumbler performs checks on the network interfaces and installed security products, then contacts a remote server to download Flame.
