Microsoft uses an encrypted algorithm to issue licences for the services (Goodin, 2012). Attackers were able to exploit the weaknesses in the terminal server and create forged digital certificates, which were used to sign components of the Flame malware (Fisher, Flame Malware Uses Forged Microsoft Certificate to Validate Components, 2012). Once the encrypted algorithm had been exploited, the attackers could use it to sign code for Flame components, which is misleading because it makes the code appear to have been created or processed by Microsoft. The forged digital certificates carried a stamp that misled administrators and end users into trusting several Flame components by incorrectly certifying that they were created by Microsoft (Goodin, 2012).
Microsoft Security Response Senior Director Mike Reavey wrote in a blog post, “We have discovered through our analysis that some components of the malware have been signed by certificates that allow software to appear as if it was produced by Microsoft.” (Goodin, …
In the authorizing process, the server issued certificates to prove that the code had come from Microsoft. When the attackers exploited the encrypted algorithm, they could see that the certificates issued by the server could be used to sign code. Taking advantage of this, the attackers used the certificates to sign the components of Flame (Fisher, Flame Malware Uses Forged Microsoft Certificate to Validate Components, 2012). It has also been reported that in December 2010, attackers used a certificate created by Microsoft to sign one Flame component (Fisher, Flame Malware Uses Forged Microsoft Certificate to Validate Components,