Thought I'd make you all aware of a new malware called 'Flame', here are some details.
It looks particularly nasty as it creates unauthorised certificates as if they came from Microsoft themselves. That's only going to cause trouble!
This affects Windows XP/2003/Vista/2008/7/2008 R2, both x86 and x64.
I suspect Windows 8 and Server 2012 will include the patch by default.
Yeah, saw this on the BBC website the other day...info here: BBC News - Flame: Attackers 'sought confidential Iran data' Apparently its been around for years, in some form or another....:/
Last edited by mmoseley; 5th June 2012 at 10:31 PM.
On a related issue, if you've setup WSUS as per my recommendations here, you'll find your servers should already be patched!
2008 R2 installs the update without needing a restart. 2003 does need a restart to complete the update.
These updates broke my WSUS and I cannot get anything to work again. I guess I will be rebuilding the server...
Last edited by zlorimer; 11th June 2012 at 10:36 PM.
The company's Windows Server Update Services, which businesses and organizations use to deliver patches to large fleets of PCs, will no longer work through network proxies that use deep packet content inspection, Microsoft representatives said in an advisory published Friday afternoon. Such proxies act as man-in-the-middle devices that can peek inside encrypted traffic as it travels from a local network onto the Internet. Enterprises that have inspection servers in place will have to create exception rules so all Windows Update traffic is bypassed.
Nah. We don't use proxies here. I cannot open the MMC using the Internal MS DB setup on WSUS3.0 SP2. I am thinking I am going to have to rebuild it because I cannot find any real answers or anything.
Last edited by zlorimer; 11th June 2012 at 11:52 PM.
I've not had any problems applying the update to WSUS 3.0 SP2 on both 2003 and 2008 R2 servers. I'd try repairing the product and this should resolve it.
see here... http://www.crysys.hu/skywiper/skywiper.pdf it's a very interesting in depth article containing a comparison of flame/skywiper and stuxnet, they are not the same at all, or even derived from each other. They contain some similar components and modes of operation but are very different beasts.
This is what I was saying. If true, it looks like it's more cloak+dagger cyber shenanigans... and not really anything the average end-user needs to worrk about.
The finger has been pointed at the US and or israel for stuxnet, flame is significantly different in style, probably not the same group of coders, but a broadly similar idea. No one is really able to point the finger for flame yet.
Obviously it's not a great idea to have backdoor access software floating around on ones pc/network, but i agree that it is probably of very little concern for most people... it's got bigger fish to fry!
There are currently 1 users browsing this thread. (0 members and 1 guests)