DHS Issues Joint Warning On Flame’s Windows Update Hack

The U.S. Department of Homeland Security is warning IT administrators and operators of industry control systems about the danger posed by the Flame (aka sKyWIper) malware after Microsoft acknowledged that the malware is able to spoof its Windows Update service to push malicious code onto vulnerable systems.

The U.S. Department of Homeland Security is warning IT administrators and operators of industry control systems about the danger posed by the Flame (aka sKyWIper) malware after Microsoft acknowledged that the malware is able to spoof its Windows Update service to push malicious code onto vulnerable systems.

DHS issued a Joint Security Awareness Report on Tuesday (PDF), saying that spoofed Windows Updates now represented an “avenue for compromised that may be used by additional attacks on systems not originally the focus of the (Flame and) sKyWIper malware.”

For owners and operators of industrial control systems, ICS-CERT and US-CERT recommended that administrators review a June 3 advisory from Microsoft and work with ICS equipment makers to install the update, and to do impact analysis and risk assessment of the vulnerability prior to taking action.

Suggested articles

Discussion

  • f0real on

    What if we solve this problem simply and cheaply by having SCADA systems and servers use Linux ?

    (A novel idea!)

  • Anonymous on

    Describe the SCADA methods. 

  • Anonymous on

    Whoever has the most operating systems out there will be the biggest target.  Noone is invulnerable.

  • Anonymous on

    maybe I will dust off my pretty little old iMac.

  • Anonymous on

    Your old iMac has vulns too NOOB

Subscribe to our newsletter, Threatpost Today!

Get the latest breaking news delivered daily to your inbox.