Over the last week, Microsoft revealed that Flame’s authors used unauthorised certificates to pretend that the malware was written by Microsoft. This enabled them to use Windows Update to distribute the malware to any machine receiving updates.
Microsoft released an emergency patch to revoke trust in these certificates, but has now revealed that it intends to go much further in mitigating the threat, calling the emergency patch a stop-gap measure and “the first of a series of actions in a phased mitigation strategy”.
“The first [action] invalidates the unauthorised certificates used in the ‘Flame’ malware, thus addressing that issue. Completing the update was the fastest way to protect the largest number of customers, and block the Flame malware from using the unauthorised certificates.
“The next action of our mitigation strategy is to further harden Windows Update as a defence-in-depth precaution. We will begin this update following broad adoption of Security Advisory 2718704 in order not to interfere with that update’s worldwide deployment.”
The company has not yet announced when this action may occur, or whether it will be a simple matter of applying a patch, but has said that it will provide more information in the near future.