A key element of Flame called for exploiting weaknesses of the MD5 hashing algorithm. Microsoft had urged in 2008 that network administrators and certificate authorities stop using the hash because researchers had discovered how to exploit it.
Microsoft officially disallowed its use in 2009 but failed to weed it out of its own products, particularly Terminal Server Licensing Service. Researchers figured out how to compromise MD5 using what they call collision attacks to obtain fraudulent certificates that are accepted as real. This allowed attackers to send malware that victim machines accepted as authenticated Microsoft updates.
Tim Greene covers Microsoft for Network World and writes the Mostly Microsoft blog. Reach him at email@example.com and follow him on Twitter @Tim_Greene.
Read more about software in Network World's Software section.