My colleague over on the TechRepublic IT Security Blog, Selena Frye, published a disturbing post today (June 4, 2012), explaining the Windows-Update-specific security problems caused by Flame malware. You can read the gory details in her blog post, but the general gist is that you need to apply the corrective patch as soon as possible.
For those of you who don’t keep up with such things, Flame is a highly sophisticated piece of malware linked to recent espionage in Iran that targeted that nation’s sensitive information. The speculation is that the software is state-sponsored, although there is no proof as of yet.
Now that Flame is in the wild, it has been surfacing in different scenarios causing security professionals to lose sleep as they attempt to contain it. This is similar to Stuxnet, which 60 Minutes reported on this past summer.
I suppose you could say we are looking at the first instances of cyber-warfare collateral damage. IT security is going to be a busy area of expertise for the foreseeable future, it appears.
Please patch ASAP: