Topic: Windows

Attack code published for unpatched Stuxnet vulnerability

Summary: Exploit code for one of the still-unpatched Windows vulnerability used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.

By Ryan Naraine for Zero Day | November 23, 2010 -- 14:53 GMT (06:53 PST)

Follow @ryanaraine

Exploit code for one of the still-unpatched Windows vulnerability used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.

The exploit, written by webDEViL, provides a roadmap to exploit a flaw in the Windows Task Scheduler to elevate rights on vulnerable Windows machines.

[ SEE: Stuxnet -- A possible attack scenario ]

It has been successfully tested on systems running Windows Vista, Windows 7 and Windows Server 2008.

The privilege escalation flaw in the Task Scheduler was just one of five different vulnerabilities exploited in the mysterious Stuxnet worm attack. Four of the five were zero-day (previously unknown).

Here's a breakdown of the five Windows vulnerabilities targeted by Stuxnet.

LNK (MS10-046)
Print Spooler (MS10-061)
Server Service (MS08-067)
Privilege escalation via Keyboard layout file (MS10-073)
Privilege escalation via Task Scheduler (still unpatched)

The folks at F-Secure has a great FAQ on Stuxnet.

ALSO SEE:

Inside Stuxnet: Researcher drops new clues about origin of worm

Stuxnet attackers used 4 Windows zero-day exploits

Topics: Windows, Operating Systems, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments

Log in or register to join the discussion

RE: Attack code published for unpatched Stuxnet vulnerability

Not a problem.

james347
23 November, 2010 18:41

Reply Vote
Big problem

This is quite dangerous. Its true, my precious data and my PC wont be affected even if its lurking in my system. Yet stuxnet would be dangerous if it will reach some siemens PLCs connected to nuclear reactors which could leak. 
Or reach some PLCs connected to missile silos which will release ICBMs with nuclear head. True there's no motivation for MS to patch the above vulnerabilities as there's no PLCs in MS headquarter at One Microsoft Way Redmond, WA but there's a risk that the ICBM will reach them because of this simple stuxnet worm which looks harmless.

Martmarty
24 November, 2010 08:42

Reply Vote
- RE: Attack code published for unpatched Stuxnet vulnerability
 
 @Martmarty - what on earth are you talking about ?
 The article is about an actual exploit using the SAME vulnerability as one of the five that Stuxnet uses. Other than that it has nothing to do with Stuxnet and Stuxnet has nothing to do with missle silos or reactors as far as any researchers know.
 
 dev/null
 24 November, 2010 13:57
 
 Reply Vote
 - PLC
 
 @dev/null,
 The article is about the publication of vulnerabilities which are used by the industry strength malware called stuxnet.
 Hence, don't be surprised if stuxnet variants will appear due to this unpatched vulnerabilities.
 
 Regarding reactors and stuxnet, siemens PLC are the ones used by Iran nuclear facilities.
 
 Martmarty
 24 November, 2010 20:06
 
 Reply Vote
- @Martmarty, it's called "science-fiction"...
 
 ...not "science-fact". So get away from the boob tube.
 
 ahh so
 24 November, 2010 20:02
 
 Reply Vote
 - RE: Attack code published for unpatched Stuxnet vulnerability
 
 @ahh so, sorry, but update yourself.
 Siemens are the PLC brand used by Iran nuclear facilities. So my above post is not far fetched.
 
 Martmarty
 24 November, 2010 20:10
 
 Reply Vote
RE: Attack code published for unpatched Stuxnet vulnerability

I'm very worried about this. Wonder what's on TV?

james347
26 November, 2010 20:45

Reply Vote
RE: Attack code published for unpatched Stuxnet vulnerability

Oh no, the conveyor belt making my Donuts won't stop!! THERE IS A GOD!!

james347
29 November, 2010 07:29

Reply Vote