Flame and Microsoft certificates




















Forged Microsoft certificates found in Flame worm. With forged certificates, the malware appears to have been created and approved by Microsoft. Although he doesn't go into detail as to how the Flame developers were able to sign their code, he does say that it has to do with exploiting a weakness in "an older cryptography algorithm".

It is thought that Microsoft used the MD5 algorithm, which is now considered insecure, to sign these certificates. By using what is referred to as hash collisions, an attacker can create a fraudulent certificate that has the same MD5 hash as the official MS certificate.

While we encourage all customers to apply the officially tested update to add the proper certificates to the Untrusted Certificate Store, as an alternative you can instead place the certificates there in another way.

For example, it might be more convenient to use the certutil command or the Certificates MMC snap-in. Or you might instead choose to manage trusted and untrusted certificates in your enterprise via group policy. Here are the thumbprints of the certificates to be placed in the Untrusted Certificates Store.

Components of the Flame malware were signed with a certificate that chained up to the Microsoft Enforced Licensing Intermediate PCA certificate authority, and ultimately, to the Microsoft Root Authority.
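A way to check this on a Windows host, as an added example that is not part of the original advisory: the PowerShell below reports which advisory thumbprints are still missing from the Untrusted Certificates store (named `Disallowed` in the certificate provider) and lists certificates in the machine stores that are MD5-signed or issued by the Microsoft Enforced Licensing Intermediate PCA. The thumbprint values are placeholders because the page does not list them, and the function names are hypothetical.

```powershell
# Placeholders: replace with the thumbprints published in the advisory.
# The page does not include them, so none are reproduced here.
$AdvisoryThumbprints = @(
    '<THUMBPRINT-1-FROM-ADVISORY>',
    '<THUMBPRINT-2-FROM-ADVISORY>'
)

# OID of md5WithRSAEncryption (shown by Windows as "md5RSA").
$Md5RsaOid = '1.2.840.113549.1.1.4'
# CA name taken from the page.
$LicensingPca = 'Microsoft Enforced Licensing Intermediate PCA'

# Hypothetical helper: returns advisory thumbprints NOT yet in the Untrusted store.
function Get-MissingUntrustedCert {
    param(
        [string[]]$Thumbprints,
        [string]$StorePath = 'Cert:\LocalMachine\Disallowed'
    )
    $present = @(Get-ChildItem -Path $StorePath |
        ForEach-Object { $_.Thumbprint.ToUpperInvariant() })
    foreach ($t in $Thumbprints) {
        # Thumbprints copied from a dialog often contain spaces.
        $norm = ($t -replace '\s', '').ToUpperInvariant()
        if ($present -notcontains $norm) { $norm }
    }
}

# Hypothetical helper: lists certificates that are MD5-signed or issued by the licensing PCA.
function Get-SuspectCert {
    param(
        [string[]]$StorePaths = @('Cert:\LocalMachine\CA',
                                  'Cert:\LocalMachine\Root',
                                  'Cert:\LocalMachine\TrustedPublisher')
    )
    foreach ($path in $StorePaths) {
        Get-ChildItem -Path $path | ForEach-Object {
            $md5 = $_.SignatureAlgorithm.Value -eq $Md5RsaOid
            $pca = $_.Issuer -like "*$LicensingPca*"
            if ($md5 -or $pca) {
                [pscustomobject]@{
                    Store = $path; Subject = $_.Subject; Issuer = $_.Issuer
                    Thumbprint = $_.Thumbprint; Md5Signed = $md5
                    IssuedByLicensingPca = $pca
                    SelfSigned = ($_.Subject -eq $_.Issuer)
                }
            }
        }
    }
}

Get-MissingUntrustedCert -Thumbprints $AdvisoryThumbprints
Get-SuspectCert | Format-Table -AutoSize
```

An MD5 signature on a self-signed root is lower risk than on an intermediate or leaf certificate, because a trust anchor's own signature is not what establishes trust in it.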

This code-signing certificate came by way of the Terminal Server Licensing Service that we operate to issue certificates to customers for ancillary PKI-based functions in their enterprise. Without this update applied, such a certificate could also allow attackers to sign code that validates as having been produced by Microsoft.

When a crypto library encounters an extension marked critical that it does not understand, it fails validation.

Hence, if the attacker wanted a certificate that worked on all versions of Windows they needed to remove this field. To remove the critical extension, the attacker took advantage of a number of circumstances to perform a collision attack. An essential part of performing a collision attack is that the attacker needs to be able to predict completely the certificate content that will be signed by the CA.

Because of the predictable serial numbers, the attacker can perform a set of certificate enrollments that reveal the likely serial number when they perform their collision attack. The attacker can then apply the collision algorithm documented by Sotirov et al. Without this collision attack, it would have been possible to sign code that would validate on systems pre-dating Windows Vista, but that signed code would fail validation on Windows Vista and above. After this attack, the attacker had a certificate that could be used to sign code that chained up to the Microsoft Root Authority and worked on all versions of Windows.

Given the risk for copycat attacks on systems pre-dating Windows Vista, without the complexity of a collision attack, we took action to release an out-of-band update.

We also made a number of changes to the Terminal Server licensing infrastructure to minimize risk in the future. Microsoft takes the security of its customers seriously; therefore we took the swiftest action that would protect the largest number of customers first. We will continue to take the necessary actions to help protect our customers.

Stevens and A. Lenstra and B. Sotirov, M.


