Update: Microsoft published a report which confirms the guesses in this posting and gives a great level of details.

Certificate Purpose

There are multiple purposes a certificate may be used for. For example it may be used as a proof of identity of a person or webserver. It may be used for code sining or to sign other certificates.

In this case a certificate that was intended to sign license information was able to sign code.

It might be as simple as Microsoft not checking the purpose-flag of customer certificates they signed:

Specifically, when an enterprise customer requests a Terminal Services activation license, the certificate issued by Microsoft in response to the request allows code signing.

MD5 collision attack

The reference to an old algorithm might indicate a collision attack on the signing process: There was a talk at CCC 2008 called MD5 considered harmful today - Creating a rogue CA Certificate

In that talk the researches explained how to generate two certificates with the same hash.

The generated a harmless looking certification request and submitted it to a CA. The CA signed it and generated the valid certificate for https-servers.

But this certificate had the same hash as another generated certificate which had the purpose CA-certificate. So the CA signature of the harmless certificate was valid for the dangerous one as well.

The researches exploited a weakness in MD5 to generate collisions. In order for the attack to work, they had to predict the information the CA would write into the certificate.

Lessons learned?

Microsoft already checks that the root of code signing certificates for Windows Update is a Microsoft CA. So certificates signed by other rouge CAs cannot be used.

Don't forget legacy code and services

If there is enough motivation even impractical theoretical weaknesses, will be exploited. (The original title of the talk was "Doing the theoretical possible").

Update

Microsoft has confirmed both issues (one issue alone is sufficient for an exploit):

The Flame malware used a cryptographic collision attack in combination with the terminal server licensing service certificates to sign code as if it came from Microsoft. However, code-signing without performing a collision is also possible.

Update 2

Microsoft published the details:

The vulnerability of not checking the certificate purpose properly only effects old versions of Windows.

The collision attack was used manipulate the certificate extensions, so that current versions of Windows are fooled as well.

Update 3

The researchers of the original md5 collision attack published that the attackers used a new variant of the known md5 chosen prefix attack, which implies that they have very deep knowledge about cryptography.