Attack code published for unpatched Stuxnet vulnerability

Exploit code for one of the still-unpatched Windows vulnerability used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.

Exploit code for one of the still-unpatched Windows vulnerability used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.

The exploit, written by webDEViL, provides a roadmap to exploit a flaw in the Windows Task Scheduler to elevate rights on vulnerable Windows machines.

[ SEE: Stuxnet -- A possible attack scenario ]

follow Ryan Naraine on twitter
It has been successfully tested on systems running Windows Vista, Windows 7 and Windows Server 2008.

The privilege escalation flaw in the Task Scheduler was just one of five different vulnerabilities exploited in the mysterious Stuxnet worm attack.   Four of the five were zero-day (previously unknown).

Here's a breakdown of the five Windows vulnerabilities targeted by Stuxnet.

  • LNK (MS10-046)
  • Print Spooler (MS10-061)
  • Server Service (MS08-067)
  • Privilege escalation via Keyboard layout file (MS10-073)
  • Privilege escalation via Task Scheduler (still unpatched)

The folks at F-Secure has a great FAQ on Stuxnet.

ALSO SEE:

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.
See All
See All