[LiquidSummer]

>At the moment, we haven’t seen use of any 0-days; however, the worm is known to have infected fully-patched Windows 7 systems through the network, which might indicate the presence of a high risk 0-day.

I really want to know what that 0day is, I can't comprehend how hard it would be to find a 0day remote execution on a Windows system

[btipling]

The exploit might not be part of the package. It could be that the exploit installs flame and then uninstalls or removes traces of itself. 0days are very valuable, it makes sense to remove it if it has served its purpose.

Some exploits like those delivered via browsers attempt to execute code in privileged contexts without any file i/o. There might never have been anything to remove.