IT Security & Network Security News & Reviews - eWeek



IT Security & Network Security News

Exploit Code for Windows Zero-Day Targeted by Stuxnet Goes Public


By: Brian Prince
2010-11-23
Article Rating:starstarstarstarstar / 1


There are  user comments on this IT Security & Network Security News & Reviews story.


Exploit code for one of the zero-day vulnerabilities exploited by Stuxnet has been posted online.

Exploit code for one of the zero-day vulnerabilities exploited by the Stuxnet worm has made its way online.

The code exploits a Windows Task Scheduler vulnerability, and can be used to escalate privileges. The exploit code was added to the Exploit Database operated by Offensive Security Nov. 20. There is no patch currently available for the flaw, though Microsoft said one is forthcoming.

“Microsoft is aware of the public posting of the details of an Elevation of Privilege vulnerability used by the Stuxnet malware,” Jerry Bryant, group manager of Response Communications at Microsoft, said in a statement. “We first discussed this vulnerability in September 2010. Because this is a local Elevation-of-Privilege issue, it requires attackers to be already able to execute code on a targeted machine. A bulletin addressing this issue will be released as part of our regular monthly bulletin cycle in the near future.”

The vulnerability was one of four zero-days used by the malware in its bid to compromise industrial control systems. The three others have all been patched since the worm was discovered this summer.

Researchers have spent the last several months trying to get to the bottom of the Stuxnet worm. Just recently, Symantec reported evidence that it targets frequency converter drives used to control the speed of motors, and that the actual goal of the worm may be to disrupt nuclear programs. In particular, speculation has focused on Iran as a possible target, as it has been the site of many of Stuxnet's infections.

Among the other zero-days Stuxnet has been observed using are the .LNK shortcut vulnerability, patched in August; a vulnerability in the Windows Print Spooler service (MS10-061), patched in September; and another privilege escalation issue (MS10-073), patched in a massive update in October.

Early versions of the worm also spread without a vulnerability at all; instead abusing Windows' AutoRun feature to compromise machines through infected USB devices.







 
 
>>> More IT Security & Network Security News & Reviews Articles          >>> More By Brian Prince
 


FEATURED SPONSOR VIDEOS

Benefits of Workload Optimization

What Smart Companies MUST Learn from Gaming

Advances in Authentication

Vertical Markets Benefit from Workload Optimization

View More Videos

Brought to you by
Advertisement

FEATURED SPONSOR MESSAGE

Microsoft Sponsored Resource Center

Increase Your Microsoft Office 365 Knowledge! Dig inside this suite of cloud-based collaboration tools.

Watch the video >>

Brought to you by

Suggested Related Content:

Articles Labs/How-To Multimedia


Advertisement
Contact Us | About | Advertise | Site Map
eWEEK Quick LInks

Security:
Enterprise Networking
Network Security
Infrastructure Security
How To: Data
Security Watch Blog
Storage:
Data Storage
Cloud Storage
Storage Virtualization
Network Access Storage
How To: Storage
Storage Station Blog
Computing:
Apple OSX
Linux Systems
Windows 7
Managed Print Services
Computer Reviews
Microsoft Watch Blog
Google Watch Blog
Communications:
VoIP Solutions
Wireless Technology
Messaging Software
Web Services
Apps & Development:
Application Development
Enterprise Apps
Search Engines
Database Software
Web 2.0
CIOs

Vertical Markets:
Federal Government IT
Health Care IT
Finance IT
Mid-Market
Channel and VARs
Careers Blog
More eWeek Links:
Green Computing Center
Tech Knowledge Center
Tech Newsletters
Tech RSS Feeds
White Papers
Tech Videos
Magazine Subscriptions
Enterprise Websites:
ZDE Home
eWeek
Baseline Magazine
Channel Insider
CIO Insight
eSeminars and Events
Web Buyers Guide
Developer Websites:
DevSource C# and .Net
Dev Shed
DeveloperShed
ASP Free
SEO Chat
Codewalkers
Tutorialized
Scripts.com
Dev Mechanic
Dev Articles
Web Hosters
Dev Hardware
Technology Websites:
Device Forge
Desktop Linux
Linux Devices
Windows for Devices
PDF Zone
Linux Watch
TechDirect
Windows Migration
Smarter Technology

Use of this site is governed by our Terms of Use and Privacy Policy
Copyright ©1996-2012 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.
ZDE Cluster 2
 
Close this advertisement