Microsoft Corp has warned PC users that the Flame virus that attacked systems across the Middle East infects computers by exploiting a flaw in the Windows operating system.
The company released software to protect against infections exploiting the previously undisclosed flaw.
Mike Reavey, a senior director with Microsoft’s Security Response Center, said in a blog post that he feared that other hackers might be able to copy the technique to launch more widespread attacks with other types of viruses.
“We continue to investigate this issue and will take any appropriate actions to help protect customers,” Reavey said in the blog post.
A spokeswoman for Microsoft declined to elaborate. She would not comment on whether other viruses had exploited the same flaw in Windows or if the company’s security team was looking for similar bugs in the operating system.
The flaw enabled Flame to install itself on computers by tricking Windows into believing that the malicious software was a legitimate program from Microsoft, Reavey said in the blog post, which was published late on Sunday.
News of the Flame virus, which surfaced a week ago, generated headlines around the world as researchers said that technical evidence suggests it was built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran’s nuclear program in 2010.
Ryan Smith, chief research scientist with security firm Accuvant, said the discovery of the Microsoft flaw was also significant.
“The Windows vulnerability in and of itself is a big story,” said Smith, whose customers include large corporations. He added that it is possible other highly sophisticated pieces of malware may have also exploited the same flaw and be invisible to the users of the systems they have infected.
When customers install the software on infected computers, such viruses would either stop working or might become invisible, Smith said.