Flame’s man-in-the-middle hash-collision attack is very interesting, I won’t deny. It’s an incredibly complex, chained exploit using MD5 collision, weak vendor digital certificate, WPAD vulnerabilities, and signed malware. Still, I can’t get overly upset about Flame. Microsoft (my full-time employer) has revoked the weak certificate. There are far easier ways to accomplish the same outcome. Plus, Flame isn’t widespread. Flame may add more fuel to the fire, but the inferno is already raging.”]
Source: https://www.csoonline.com/article/2617458/16-security-problems-bigger-than-flame.html