Attack code published for unpatched Stuxnet vulnerability

Attack code published for unpatched Stuxnet vulnerability

Summary: Exploit code for one of the still-unpatched Windows vulnerability used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.

SHARE:

Exploit code for one of the still-unpatched Windows vulnerability used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.

The exploit, written by webDEViL, provides a roadmap to exploit a flaw in the Windows Task Scheduler to elevate rights on vulnerable Windows machines.

[ SEE: Stuxnet -- A possible attack scenario ]

follow Ryan Naraine on twitter It has been successfully tested on systems running Windows Vista, Windows 7 and Windows Server 2008.

The privilege escalation flaw in the Task Scheduler was just one of five different vulnerabilities exploited in the mysterious Stuxnet worm attack.   Four of the five were zero-day (previously unknown).

Here's a breakdown of the five Windows vulnerabilities targeted by Stuxnet.

  • LNK (MS10-046)
  • Print Spooler (MS10-061)
  • Server Service (MS08-067)
  • Privilege escalation via Keyboard layout file (MS10-073)
  • Privilege escalation via Task Scheduler (still unpatched)

The folks at F-Secure has a great FAQ on Stuxnet.

ALSO SEE:

Topics: Windows, Operating Systems, Security, Software

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

8 comments
Log in or register to join the discussion
  • RE: Attack code published for unpatched Stuxnet vulnerability

    Not a problem.
    james347
  • Big problem

    This is quite dangerous.<br>Its true, my precious data and my PC wont be affected even if its lurking in my system.<br><br>Yet stuxnet would be dangerous if it will reach some siemens PLCs connected to nuclear reactors which could leak.<br>
    Or reach some PLCs connected to missile silos which will release ICBMs with nuclear head.<br><br>True there's no motivation for MS to patch the above vulnerabilities as there's no PLCs in MS headquarter at One Microsoft Way Redmond, WA but there's a risk that the ICBM will reach them because of this simple stuxnet worm which looks harmless.
    Martmarty
    • RE: Attack code published for unpatched Stuxnet vulnerability

      @Martmarty - what on earth are you talking about ?
      The article is about an actual exploit using the SAME vulnerability as one of the five that Stuxnet uses. Other than that it has nothing to do with Stuxnet and Stuxnet has nothing to do with missle silos or reactors as far as any researchers know.
      dev/null
      • PLC

        @dev/null,
        The article is about the publication of vulnerabilities which are used by the industry strength malware called stuxnet.
        Hence, don't be surprised if stuxnet variants will appear due to this unpatched vulnerabilities.

        Regarding reactors and stuxnet, siemens PLC are the ones used by Iran nuclear facilities.
        Martmarty
    • @Martmarty, it's called &quot;science-fiction&quot;...

      ...not "science-fact". So get away from the boob tube.
      ahh so
      • RE: Attack code published for unpatched Stuxnet vulnerability

        @ahh so, sorry, but update yourself.
        Siemens are the PLC brand used by Iran nuclear facilities. So my above post is not far fetched.
        Martmarty
  • RE: Attack code published for unpatched Stuxnet vulnerability

    I'm very worried about this. Wonder what's on TV?
    james347
  • RE: Attack code published for unpatched Stuxnet vulnerability

    Oh no, the conveyor belt making my Donuts won't stop!! THERE IS A GOD!!
    james347