Attack code published for unpatched Stuxnet vulnerability

Summary: Exploit code for one of the still-unpatched Windows vulnerabilities used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.

The exploit, written by webDEViL, provides a roadmap to exploit a flaw in the Windows Task Scheduler to elevate rights on vulnerable Windows machines.

It has been successfully tested on systems running Windows Vista, Windows 7 and Windows Server 2008.

The privilege escalation flaw in the Task Scheduler was just one of five different vulnerabilities exploited in the mysterious Stuxnet worm attack. Four of the five were zero-day (previously unknown).

Here's a breakdown of the five Windows vulnerabilities targeted by Stuxnet.

  • LNK (MS10-046)
  • Print Spooler (MS10-061)
  • Server Service (MS08-067)
  • Privilege escalation via Keyboard layout file (MS10-073)
  • Privilege escalation via Task Scheduler (still unpatched)

The folks at F-Secure have a great FAQ on Stuxnet.

About

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content managem...