KB2718704-Connection to Flame malware

Microsoft certification authority signing certificates added to the Untrusted Certificate Store

Connection to Flame malware

Components of the Flame malware were signed with a certificate that chained up to the
Microsoft Enforced Licensing Intermediate PCA certificate authority, and ultimately,
to the Microsoft Root Authority. This code-signing certificate came by way of the
Terminal Server Licensing Service that we operate to issue certificates to customers
for ancillary PKI-based functions in their enterprise. Such a certificate could
(without this update being applied) also allow attackers to sign code that validates
as having been produced by Microsoft.


We recommend that all customers apply this update.

Microsoft Security Advisory (2718704)
Unauthorized Digital Certificates Could Allow Spoofing


Flame Malware Uses Forged Microsoft Certificate to Validate Components



Good information....


Thanks, Rhab!

MVP Consumer Security 2014-2016
Windows Insider MVP 2016-2018

Did this solve your problem?

Sorry this didn't help.

Great! Thanks for marking this as the answer.

How satisfied are you with this reply?

Thanks for your feedback, it helps us improve the site.

How satisfied are you with this response?

Thanks for your feedback.


Question Info

Last updated March 26, 2018 Views 3,012 Applies to: