Stuxnet: this worm’s not for turning

Microsoft and security professionals are struggling to close Stuxnet wormholes, despite reports suggesting the latest Patch Tuesday from Microsoft had resolved the problem.

Microsoft released nine security updates to close 11 security holes in Windows, Office and Internet Information Services this month, but there are still undisclosed vulnerabilities that could allow Stuxnet to propagate, according to security officials.

The Stuxnet worm first appeared back in July, exploiting a LNK/PIF vulnerability, which allowed the worm to spread via removable storage and networks.

The software giant released an “out-of-band” update to fix the vulnerability, but Stuxnet had a box of tricks up its sleeve.

In this month’s Patch Tuesday, Microsoft was forced to issue another critical update targeting the worm, this time to fix a vulnerability uncovered by Kaspersky Lab.

The security company said the flaw allowed the worm to use Windows Print Spooler to send malicious code to a remote computer, where Stuxnet then attempted to spread to other computers on a network.

Although that vulnerability has now been plugged with security update MS10-061, Kaspersky says two more vulnerabilities remain unpatched.

“One of the things our research has identified is that Stuxnet uses several Windows zero-day vulnerabilities,” said Alexander Gostev, chief security expert at Kaspersky, in his blog.

“We’ve identified yet another zero-day vulnerability in Stuxnet’s code, this time an Elevation of Privilege (EoP) vulnerability. The worm uses this to get complete control over the affected system. A second EoP vulnerability was identified by Microsoft.

“The fact that Stuxnet uses four previously unidentified vulnerabilities makes the worm a real standout among malware.”

In its security response blog, Microsoft confirmed the two unpatched threats and said the company would be patching them as soon as possible.

“These are local EoP issues which means that an attacker, in this case Stuxnet, already has permission to run code on the system or has compromised the system through some other means,” communications manager Jerry Bryant said in a Microsoft Response blog post. “We are currently working to address both issues in a future bulletin.”
