Microsoft will update Windows Update to stymie Flame-like attacks

06.06.2012
Microsoft today announced it will issue an update to its Windows Update to prevent copy-cat hackers from duplicating Flame's feat of infecting fully-patched PCs by faking the service.

The company also described in more detail how Flame's authors were able to spoof Windows Update.

On Sunday, Microsoft said that Flame -- the super-espionage toolkit that has infected Windows PCs throughout the Middle East, but appears to have been aimed at Iran in particular -- used fraudulent code-signing certificates generated by abusing the company's Terminal Services licensing certificate authority (CA), which is normally used by enterprises to authorize remote desktop services and sessions.

Later, Microsoft also confirmed that those certificates were used to sign bogus updates that were force-fed to uninfected PCs by a Flame-compromised computer on the same network.

Researchers at Kaspersky Lab and Symantec used their forensics analyses to more completely .

Today, Microsoft said that Flame was able to trick Windows XP machines into accepting the phony Windows Updates once its authors had generated digital certificates with Microsoft's own "signature."