* Microsoft releases software to fix bug, repair systems
* Other cyber weapons could have exploited same flaw-experts
* Experts say other cyber weapons may soon be discovered
By Jim Finkle
BOSTON, June 4 Microsoft Corp warned
that a bug in Windows allowed PCs across the Middle East to
become infected with the Flame virus and released a software fix
to fight the espionage tool that surfaced last week.
Security experts said they were both surprised and impressed
by the approach that the attackers had used, which was to
disguise Flame as a legitimate program built by Microsoft.
"I woke up to this news and I couldn't believe it. I had to
ask, 'Am I reading this right?'" said Roel Schouwenberg of
Russian security firm Kaspersky Lab, one of the researchers who
helped discover the Flame virus.
Experts described the method as "elegant" and they believed
it had likely been used to deliver other cyber weapons yet to be
"It would be logical to assume that they would have used it
somewhere else at the same time," said Mikko Hypponen, chief research
officer for security software maker F-Secure.
If other types of cyber weapons were indeed delivered to
victim PCs using the same approach as Flame, then they will
likely be exposed very quickly now that Microsoft has identified
the problem, said Adam Meyers, director of intelligence for
security firm CrowdStrike.
Cyber weapons that bear the fake Microsoft code will either
stop working or lose some of their camouflage, said Ryan Smith,
chief research scientist with security firm Accuvant.
A spokeswoman for Microsoft declined to comment on whether
other viruses had exploited the same flaw in Windows or if the
company's security team was looking for similar bugs in the
Flame's code included what is known as a digital
certificate, which falsely identified it as a piece of software
The creators of the virus obtained that certificate by
manipulating a component of the Windows operating system known
as terminal services licensing, or TS licensing, that is
designed to authorize business customers to use advanced
features of Windows.
A bug in TS licensing allowed the hackers to use it to
create fake certificates that identified Flame as being from
Microsoft, Mike Reavey, a senior director with Microsoft's
Security Response Center, said in a blog post.
Reavey said he feared that other hackers might be able to copy
the technique to launch more widespread attacks with other types
of viruses.
"We continue to investigate this issue and will take any
appropriate actions to help protect customers," Reavey said in
the blog post.
News of the Flame virus, which surfaced a week ago,
generated headlines around the world as researchers said that
technical evidence suggests it was built on behalf of the same
nation or nations that commissioned the Stuxnet worm that
attacked Iran's nuclear program in 2010.
Researchers are still gathering information about the virus.
Microsoft's warning is available at