***Microsoft Patches Digital Certificate Issue Exploited by Flame
The minds behind the Flame attacks signed components of the malware with an unauthorized digital certificate to make it appear as though the code had been legitimately signed by Microsoft.
Microsoft issued an update June 3 to address a certificate issue exploited in the Flame malware attacks.
Flame, which was publicized by security researchers last week, is a cyber-espionage toolkit that incorporates a wide range of functionality, including intercepting Web traffic, recording audio and taking screenshots.
According to Microsoft, components of Flame were signed with an unauthorized digital certificate that chained up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. This happened via the Terminal Server Licensing Service, which Microsoft operates to issue certificates to customers for "ancillary PKI- [public-key infrastructure-] based functions" in their enterprise.
By signing malware with fake certificates, attackers can trick browsers and applications into trusting malicious content, enabling activities such as phishing and man-in-the-middle attacks.
Self-built desktop (7 years old) - AMD64 3200+_Gigabyte GA-K8NS Ultra-939_2 gb RAM_GeForceFX 5800w/256 ram_XP/SP3_Avast 7_MBAM_ZA Free __and__ Toshiba Satellite Laptop_W7-64bit_ 4 gb Ram_Avast 7_MBAM