In response to the recent Flame malware attack, Microsoft has released a patch this week that introduces a digital certificate updater. The new feature automatically updates your Windows 7 or Windows Vista system to detect untrusted certificates. Known stolen or forged certificates are put on a “Disallowed Certificate Trust List,” which is updated daily.
The massive Flame malware was able to spread by spoofing a Microsoft digital certificate, tricking Windows into thinking that the code was legitimate. It exploited the Windows Terminal Server Licensing Service, which uses an older cryptography algorithm. Microsoft has since terminated the Terminal Server Licensing Service and also blocked those certificates.
Microsoft is now taking it a step further with the digital certificate updater to prevent such exploits in the future. With the ability to update the list of untrusted certificates daily, these types of malware attacks can be defused more quickly, if not avoided altogether. The update, however, will cause some older certificates with RSA keys of less than 1024 bits to be automatically marked as invalid, even if they are currently valid and signed by a trusted source.
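
To see which certificates on a machine fall under the key-length cutoff described above, an administrator can inventory the local certificate stores. The following is an added example, not code from Microsoft or from the original article; the function name `Get-WeakRsaCertificate` is hypothetical, and it assumes a PowerShell host running on .NET Framework 4.6 or later.

```powershell
# Added example: list certificates whose RSA public key is shorter than
# the 1024-bit threshold mentioned in the article.
function Get-WeakRsaCertificate {
    param(
        [string]$StorePath   = 'Cert:\',   # walk CurrentUser and LocalMachine
        [int]   $MinimumBits = 1024        # threshold stated in the article
    )

    Get-ChildItem -Path $StorePath -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509Certificate2] } |
        ForEach-Object {
            $cert = $_
            $rsa  = $null
            try {
                # Returns $null when the certificate's key is not RSA.
                $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
            } catch {
                # Malformed or unsupported key encoding: skip this certificate.
            }

            if ($rsa -and $rsa.KeySize -lt $MinimumBits) {
                [pscustomobject]@{
                    # Strip the provider prefix, leaving e.g. LocalMachine\Root
                    Store      = $cert.PSParentPath -replace '^.*::', ''
                    Subject    = $cert.Subject
                    Issuer     = $cert.Issuer
                    Thumbprint = $cert.Thumbprint
                    KeyBits    = $rsa.KeySize
                    NotAfter   = $cert.NotAfter
                    # An unexpired entry is one that something may still rely on.
                    Expired    = $cert.NotAfter -lt (Get-Date)
                }
            }
        }
}

# Unexpired entries first, then grouped by store.
Get-WeakRsaCertificate |
    Sort-Object Expired, Store |
    Format-Table Store, KeyBits, Expired, NotAfter, Subject -AutoSize
```

Entries reported with `Expired` set to `False` are the ones worth tracing back to the service or application that depends on them, so they can be reissued with a longer key.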