Microsoft will update Windows Update to stymie Flame-like attacks

06.06.2012

"Basically they crossed the certificate streams between Windows Update and other security services in Windows," Storms continued, getting in a reference to Ghostbusters. "Crossing the streams is bad.... Windows Update should have been on an entirely different [certificate] stream than anything else. It's just too darned important to have been intermingled with any other chain of trust, and this shows exactly what can happen."

Wolfgang Kandek, chief technology officer at Qualys, read the Windows Update blog the same way as Storms.

"They fixed the immediate problem by revoking the certificates, but now they need to prevent others from copying Flame's mechanism," said Kandek. "So they're saying that 'We will start to sign updates with Windows Update-specific certificates instead of just any certificates.' Windows Update will be more picky about what certificates it accepts."

Windows PCs that have not applied the certificate revocation Microsoft issued last Sunday remain vulnerable to the same kind of attack that Flame demonstrated, Kandek noted.

"Others will reverse-engineer this," he predicted. "It took Microsoft a couple of days to do that, and [some cybercriminals] are just as smart as the guys at Microsoft."