Exploit code for one of the still-unpatched Windows vulnerability used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.
The exploit, written by webDEViL, provides a roadmap to exploit a flaw in the Windows Task Scheduler to elevate rights on vulnerable Windows machines.
It has been successfully tested on systems running Windows Vista, Windows 7 and Windows Server 2008.
The privilege escalation flaw in the Task Scheduler was just one of five different vulnerabilities exploited in the mysterious Stuxnet worm attack. Four of the five were zero-day (previously unknown).
Here's a breakdown of the five Windows vulnerabilities targeted by Stuxnet.
- LNK (MS10-046)
- Print Spooler (MS10-061)
- Server Service (MS08-067)
- Privilege escalation via Keyboard layout file (MS10-073)
- Privilege escalation via Task Scheduler (still unpatched)
The folks at F-Secure has a great FAQ on Stuxnet.