/>
X

Attack code published for unpatched Stuxnet vulnerability

Exploit code for one of the still-unpatched Windows vulnerability used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.
ryan-naraine.jpg
Written by Ryan Naraine on

Exploit code for one of the still-unpatched Windows vulnerability used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.

The exploit, written by webDEViL, provides a roadmap to exploit a flaw in the Windows Task Scheduler to elevate rights on vulnerable Windows machines.

[ SEE: Stuxnet -- A possible attack scenario ]

It has been successfully tested on systems running Windows Vista, Windows 7 and Windows Server 2008.

The privilege escalation flaw in the Task Scheduler was just one of five different vulnerabilities exploited in the mysterious Stuxnet worm attack.   Four of the five were zero-day (previously unknown).

Here's a breakdown of the five Windows vulnerabilities targeted by Stuxnet.

  • LNK (MS10-046)
  • Print Spooler (MS10-061)
  • Server Service (MS08-067)
  • Privilege escalation via Keyboard layout file (MS10-073)
  • Privilege escalation via Task Scheduler (still unpatched)

The folks at F-Secure has a great FAQ on Stuxnet.

ALSO SEE:

Related

Why you should really stop charging your phone overnight
iphone-charging.jpg

Why you should really stop charging your phone overnight

iPhone
How to get Photoshop for free
photoshop free trial

How to get Photoshop for free

Photo & Video
Samsung phone deal: Get the Galaxy S22 Ultra for $299
1296x729-29

Samsung phone deal: Get the Galaxy S22 Ultra for $299

Smartphones