Microsoft will update Windows Update to stymie Flame-like attacks

06.06.2012

Microsoft's Windows Update team has explained how it plans to better secure Windows' default update mechanism, which is used by hundreds of millions of PCs worldwide, to prevent a repeat of the Flame tactic.

An update for Windows Update will be pushed to users later this week. It will force the service to accept only certificates issued by a new certificate authority the company will create, and will no longer accept other Microsoft-signed digital signatures, as it has since its inception.
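The change described above amounts to issuer pinning: an update is trusted only if its signature chains to one specific, dedicated authority, not to any certificate Microsoft has signed. The PowerShell function below is an added illustration of that check on a downloaded update package; it is not Microsoft's code and not the mechanism Windows Update itself uses. The function name `Test-PinnedUpdateSignature` and the parameter `$ExpectedIssuerThumbprint` are assumptions, and because the article does not name the new authority, the thumbprint is a placeholder you would replace with the real one.

```powershell
# Added example, not from the article or from Microsoft. Checks that a file's
# Authenticode signature is valid AND that its certificate chain contains one
# pinned issuer, so a signature that merely chains to some trusted root is
# rejected. The thumbprint value is a placeholder: the article does not name
# the new certificate authority.
function Test-PinnedUpdateSignature {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$ExpectedIssuerThumbprint
    )

    # Step 1: ordinary Authenticode validation (signer trusted by the machine).
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        return [pscustomobject]@{
            Path = $Path; Trusted = $false
            Reason = "Authenticode status: $($sig.Status)"
        }
    }

    # Step 2: rebuild the signer's chain with online revocation checking.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
    if (-not $chain.Build($sig.SignerCertificate)) {
        $status = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        return [pscustomobject]@{
            Path = $Path; Trusted = $false
            Reason = "Chain did not build: $status"
        }
    }

    # Step 3: the pinning check. A valid chain is not enough; the pinned
    # issuer must actually appear somewhere in it. Thumbprints are compared
    # without spaces; PowerShell's -eq is case-insensitive.
    $wanted = $ExpectedIssuerThumbprint -replace '\s', ''
    $pinned = $chain.ChainElements |
        ForEach-Object { $_.Certificate } |
        Where-Object { $_.Thumbprint -eq $wanted }

    if (-not $pinned) {
        return [pscustomobject]@{
            Path = $Path; Trusted = $false
            Reason = 'Valid signature, but the chain does not include the pinned issuer'
        }
    }

    return [pscustomobject]@{
        Path = $Path; Trusted = $true
        Reason = 'Signature valid and chain includes the pinned issuer'
    }
}

# Usage (constructed paths and a placeholder thumbprint, not real values):
# Test-PinnedUpdateSignature -Path 'C:\Updates\example-update.msu' `
#     -ExpectedIssuerThumbprint 'PLACEHOLDER-ISSUER-THUMBPRINT'
```

The point of the third step is the one the article is making: a signature can be fully "valid" by the normal rules of chain building and still be one the update channel should refuse. Pinning turns "signed by something the OS trusts" into "signed under the one authority this channel is allowed to trust", which is the property the Flame technique exploited the absence of.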

"Second, we are strengthening the communication channel used by Windows Update in a similar way," the blog stated.

Companies that use Windows Server Update Services (WSUS), a Windows Server component and the de facto patching and update mechanism for most businesses, will be updated in a similar fashion.

Andrew Storms, director of security operations at nCircle Security, was disappointed in the lack of detail in Microsoft's explanation of the changes. "They basically admitted that Windows Update was man-in-the-middled, but then said very little about how they are fixing it," Storms said in an interview via instant messaging Wednesday.