Flame Nightmare: stolen Microsoft certs spoof Microsoft Update

07.06.2012

The stolen certificates in this case would allow an attacker to install "rogue updates" on a target by combining them with a Domain Name System (DNS) man-in-the-middle (MITM) attack.

"The ActiveX control/Windows update system lets anyone with DNS control install updates, but only if the update is signed by Microsoft," explained Moore.

The attack would be "incredibly difficult to detect". However, even with a Microsoft signature, the attacker would still need to force the update system to hit the malicious server, said Moore.

"It still doesn't seem that useful for breaking into new systems... but it does make keeping access easy, if you can subvert DNS," said Moore.
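The trust decision Moore describes can be modelled in a few lines. The following is an added example, not code from the article, from Moore, or from Microsoft: it replaces X.509/Authenticode with a minimal Ed25519 "certificate" (a subject and public key endorsed by a vendor root), replaces DNS with a lookup table that the attacker can overwrite, and uses hypothetical names (`update.vendor.example`, `/patch.cab`). It shows both halves of the quote: with a chain-to-root policy, DNS control plus any vendor-issued signing key is enough to deliver a rogue update; without DNS control the rogue server is never contacted; and pinning the specific update-signing key rejects the rogue package even when DNS is subverted.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Cert is a stand-in for a code-signing certificate: a subject name and
// public key endorsed by the issuer's signature. Not real X.509.
type Cert struct {
	Subject   string
	Pub       ed25519.PublicKey
	IssuerSig []byte
}

// Update is what the client receives: payload, signer certificate, signature.
type Update struct {
	Payload []byte
	Signer  Cert
	Sig     []byte
}

// Resolver stands in for DNS plus the server it points at:
// hostname -> path -> update. Whoever controls this map controls which
// server the client actually reaches.
type Resolver map[string]map[string]Update

func certTBS(subject string, pub ed25519.PublicKey) []byte {
	return append([]byte(subject+"|"), pub...)
}

// issue has the vendor root endorse a subordinate signing key.
func issue(rootPriv ed25519.PrivateKey, subject string, pub ed25519.PublicKey) Cert {
	return Cert{Subject: subject, Pub: pub, IssuerSig: ed25519.Sign(rootPriv, certTBS(subject, pub))}
}

func signUpdate(priv ed25519.PrivateKey, c Cert, payload []byte) Update {
	return Update{Payload: payload, Signer: c, Sig: ed25519.Sign(priv, payload)}
}

func fingerprint(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// chainsToRoot is the check Moore describes: the signer's certificate must
// be endorsed by the vendor root and the payload signature must verify.
// Nothing about where the bytes came from is checked.
func chainsToRoot(root ed25519.PublicKey, u Update) bool {
	return ed25519.Verify(root, certTBS(u.Signer.Subject, u.Signer.Pub), u.Signer.IssuerSig) &&
		ed25519.Verify(u.Signer.Pub, u.Payload, u.Sig)
}

// acceptUpdate fetches host/path through the resolver and applies the policy.
// An empty pinnedFP means "any certificate chaining to the root" (the weak
// policy); a non-empty one additionally requires the expected signing key.
func acceptUpdate(res Resolver, host, path string, root ed25519.PublicKey, pinnedFP string) bool {
	u, ok := res[host][path]
	if !ok {
		return false
	}
	if !chainsToRoot(root, u) {
		return false
	}
	return pinnedFP == "" || fingerprint(u.Signer.Pub) == pinnedFP
}

type ScenarioResult struct {
	LegitAccepted          bool // genuine update, honest DNS, pinned policy
	RogueNoDNSControl      bool // stolen cert but attacker cannot redirect the client
	RogueAcceptedChainOnly bool // stolen cert + spoofed DNS, chain-to-root policy
	RogueAcceptedPinned    bool // stolen cert + spoofed DNS, pinned-key policy
}

// RunScenario builds constructed keys and packages and runs the four cases.
func RunScenario() ScenarioResult {
	rootPub, rootPriv, _ := ed25519.GenerateKey(rand.Reader)
	wuPub, wuPriv, _ := ed25519.GenerateKey(rand.Reader)         // the real update-signing key
	stolenPub, stolenPriv, _ := ed25519.GenerateKey(rand.Reader) // another vendor-issued key, now in attacker hands
	wuCert := issue(rootPriv, "Vendor Update Signing", wuPub)
	stolenCert := issue(rootPriv, "Vendor Other Service", stolenPub)

	const host, path = "update.vendor.example", "/patch.cab" // hypothetical names
	legit := signUpdate(wuPriv, wuCert, []byte("constructed: genuine patch"))
	rogue := signUpdate(stolenPriv, stolenCert, []byte("constructed: backdoor"))

	honestDNS := Resolver{host: {path: legit}, "attacker.example": {path: rogue}}
	spoofedDNS := Resolver{host: {path: rogue}} // attacker answers the DNS query for host
	pin := fingerprint(wuPub)

	return ScenarioResult{
		LegitAccepted:          acceptUpdate(honestDNS, host, path, rootPub, pin),
		RogueNoDNSControl:      acceptUpdate(honestDNS, host, path, rootPub, "") && false,
		RogueAcceptedChainOnly: acceptUpdate(spoofedDNS, host, path, rootPub, ""),
		RogueAcceptedPinned:    acceptUpdate(spoofedDNS, host, path, rootPub, pin),
	}
}

func main() {
	r := RunScenario()
	fmt.Printf("genuine update accepted: %v\n", r.LegitAccepted)
	fmt.Printf("rogue accepted, chain-only policy, spoofed DNS: %v\n", r.RogueAcceptedChainOnly)
	fmt.Printf("rogue accepted, pinned policy, spoofed DNS: %v\n", r.RogueAcceptedPinned)
}
```

The `RogueNoDNSControl` case is deliberately a tautology: with honest DNS the client only ever fetches from `update.vendor.example`, so the rogue package sitting on `attacker.example` is never downloaded, which is Moore's point that the stolen certificate alone does not get you onto a machine. The pinned policy is the mitigation a practitioner would want: trust the one key that is supposed to sign updates, not every key the vendor's root has ever endorsed.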

While Stuxnet also used a stolen certificate, from RealTek, Moore said Flame doesn't appear to show anywhere near the level of complexity of Stuxnet.