The Members Forum

Members Login
Username 
 
Password 
    Remember Me  
Post Info TOPIC: Stuxnet attackers used 4 Windows zero-day exploits


Administrator / Manager

Status: Offline
Posts: 2499
Date:
Stuxnet attackers used 4 Windows zero-day exploits
Permalink   


The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into — and spread around — Microsoft’s Windows operating system, according to a startling disclosure from the world’s largest software maker.

Two of the four vulnerabilities are still unpatched.

As new details emerge to shine a brighter light on the Stuxnet attack, Microsoft said the attackers initially targeted the old MS08-067 vulnerability (used in the Conficker attack), a new LNK (Windows Shortcut) flaw to launch exploit code on vulnerable Windows systems and a zero-day bug in the Print Spooler Service that makes it possible for malicious code to be passed to, and then executed on, a remote machine.

The malware also exploited two different elevation of privilege holes to gain complete control over the affected system.  These two flaws are still unpatched.

Kaspersky Lab discovered two of the three new zero-days and worked closely with Microsoft during the research and patch-creation process.

ZDNet has the details HERE!



__________________

http://www.mycomputerplayground.com
http://www.digitaldrama.net
http://www.thisrules.net
Page 1 of 1  sorted by
 
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to Del.icio.us


Create your own FREE Forum
Report Abuse
Powered by ActiveBoard