Microsoft revokes trust in 28 of its digital certificates
Flame malware legacy lives on as Patch Tuesday becomes critical security fest
Microsoft has revoked 28 of its own digital certificates as part of this month's regular Patch Tuesday, following an investigation into the Flame malware attacks that revealed the virus could exploit holes in the system by creating forged, fraudulent certificates of its own.
As part of a critical update list that also included a new updater for certificates in Windows Vista and Server 2008 upwards, Microsoft's extra precaution for older or unsupported versions of the OS was to remove the 28 certificates entirely and place them in the Untrusted Certificate Store. The new automatic updater has the capacity to update untrusted certificate information once per day without user interaction.
"None of the certificates involved is known to have been breached, compromised, or otherwise misused," wrote Gerardo Di Giacomo and Jonathan Ness of Microsoft Security Response Center on the company's Technet blog. "This is a pre-emptive cleanup to ensure a high bar for any certificates owned by Microsoft."
Microsoft has so far not revealed exactly what the certificates were used for, listing them simply as "Svcs" in a summary on Technet.
Another Patch Tuesday update is a cumulative security update for Internet Explorer 9.
"We are dealing with a specially crafted webpage, a link to which can be easily delivered via email or instant message," said Ziv Mador, director of security research at Trustwave SpiderLabs, explaining that clicking on such a link will exploit IE 9 to the point of giving "current users rights to the attacker" or allowing remote code execution.
"One deals with how IE handles deleted items, the other with objects in memory," continued Mador. "Either way, if you run as an admin, which many people do, well, game over. Thankfully this one has not been seen in the wild yet."
Other updates cover remote code execution in the Windows Shell and Visual Basic, and privilege exploits in kernel-mode drivers.
Microsoft has even patched MS Office for Mac. Although the flaw relies on very specifically duping a user into physically executing it, it is notable simply for being possible on an OS that many consider unexploitable.