Microsoft will update Windows Update to stymie Flame-like attacks

06.06.2012

But to dupe Windows Vista and Windows 7 systems, the hackers had to go a step further.

To do that, they exploited several weaknesses in Microsoft's certificate infrastructure and signing to carry out a cryptographic "collision attack," in which two different values produce the same cryptographic "hash."

Jonathan Ness, an engineer with the Microsoft Security Response Center (MSRC), explained the results.

"After [the collision] attack, the attacker had a certificate that could be used to sign code that chained up to the Microsoft Root Authority and worked on all versions of Windows [emphasis added]," Ness wrote today on the blog.

The combination of the flaws in the Terminal Services CA and the collision attack made it possible for Flame to hoodwink Windows Vista and Windows 7 PCs as well as those running the 11-year-old XP.