Exploit Code for Windows Zero-Day Targeted by Stuxnet Goes Public
Exploit code for one of the zero-day vulnerabilities exploited by Stuxnet has been posted online.Exploit code for one of the zero-day vulnerabilities exploited by the Stuxnet worm has made its way online. The code exploits a Windows Task Scheduler vulnerability, and can be used to escalate privileges. The exploit code was added to the Exploit Database operated by Offensive Security Nov. 20. There is no patch currently available for the flaw, though Microsoft said one is forthcoming.
"Microsoft is aware of the public posting of the details of an Elevation of Privilege vulnerability used by the Stuxnet malware," Jerry Bryant, group manager of Response Communications at Microsoft, said in a statement. "We first discussed this vulnerability in September 2010. Because this is a local Elevation-of-Privilege issue, it requires attackers to be already able to execute code on a targeted machine. A bulletin addressing this issue will be released as part of our regular monthly bulletin cycle in the near future."