Last updated at Tue, 25 Jul 2017 14:24:17 GMT
Microsoft has released an update for Windows Server Update Services (WSUS) 3.0 Service Pack 2 (SP2):
http://support.microsoft.com/kb/2720211
By hardening the Windows Server Update Services (WSUS), Microsoft is attempting to assure their customers that they can trust the update process. From a security perspective, Flame isn't a mass threat to most organizations; however, this is a way to ensure the integrity of the update process. It is apparent that Microsoft was working on many of these updates for the Windows 8 release. There is no way that Microsoft would have been able to pivot so quickly if that wasn't the case.
The news of Flame has forced Microsoft to incorporate these changes sooner, rather than later. We should also look for Microsoft to move away from MD5 certificates to at least SHA1 certificates. Flame was able to use a MD5 collision technique to forge Microsoft digital signatures via brute force. It would be exponentially harder to do this with SHA1 and it hasn't yet been a victim of any successful brute force collision attacks as far as I am aware. I'd also expect them to move away from 512 bit to at least 1024 bit key length. More time is needed for attackers to brute force these longer key lengths. With all the changes that Microsoft has made in short order, it should give everyone renewed confidence in the update process. Security updates are essential to securing any organizations assets, so there can't be uncertainty.
