Some components of the Flame spyware worm were signed using forged Microsoft certificates, according to a recent investigation by Microsoft. These unauthorised digital certificates allowed the Flame developers to make the malware appear as if it was actually created and approved by Microsoft.
The company has already released an emergency patch via Windows Update to block the certificates used by Flame.

Mike Reavey, Senior Director of Microsoft's Security Response Center (MSRC), says that the malicious code was signed using the company's Terminal Server Licensing Service, which is used by corporate customers to authorise Remote Desktop services. While Reavey doesn't provide specific details on how the Flame developers were able to sign their code with such certificates, he does say that it has something to do with exploiting a weakness in "an older cryptography algorithm".

The link for this article located at H Security is no longer available.