The Windows Club

Fix It solution and Automatic Updater to neutralize Flame malware released

You may have read reports about the state-sponsored attackers who were using an Internet Explorer zero-day exploit to hijack Gmail accounts. Both Microsoft and Google had also warned about them a few days back. Many Gmail accounts were compromised, and as a consequence, Google had to display a warning about these “state-sponsored attacks” to the affected users.

The ‘Flame’ malware, considered one of the most complicated pieces of malware written to date, injected itself into the Windows operating system by spoofing Microsoft digital certificates and spread via Windows Update.

The vulnerability could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker would have no way to force users to visit such a website. Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes them to the attacker’s website. The vulnerability affects all supported releases of Microsoft Windows, and all supported editions of Microsoft Office 2003 and Microsoft Office 2007, said Microsoft.

Microsoft has now released an auto-update facility for Windows 7, Windows Vista, Windows Server 2008 and Windows Server 2008 R2 to block the spread of Flame, by automatically updating the non-legitimate certificate list.

You can get more details on it and download it from KB2677070.

Microsoft has also released a Fix It solution that will help block the attack vector for this vulnerability. The Fix It solution, however, is not intended to be a replacement for any security update.

You can get the Fix It from KB2719615.
