Nytro Posted November 24, 2010 Report Share Posted November 24, 2010 Exploit code for one of the zero-day vulnerabilities exploited by StuxnetExploit code for one of the zero-day vulnerabilities exploited by the Stuxnet worm has made its way online.The code exploits a Windows Task Scheduler vulnerability, and can be used to escalate privileges. The exploit code was added to the Exploit Database operated by Offensive Security Nov. 20. There is no patch currently available for the flaw, though Microsoft said one is forthcoming.“Microsoft is aware of the public posting of the details of an Elevation of Privilege vulnerability used by the Stuxnet malware,” Jerry Bryant, group manager of Response Communications at Microsoft, said in a statement. “We first discussed this vulnerability in September 2010. Because this is a local Elevation-of-Privilege issue, it requires attackers to be already able to execute code on a targeted machine. A bulletin addressing this issue will be released as part of our regular monthly bulletin cycle in the near future.”The vulnerability was one of four zero-days used by the malware in its bid to compromise industrial control systems. The three others have all been patched since the worm was discovered this summer.Researchers have spent the last several months trying to get to the bottom of the Stuxnet worm. Just recently, Symantec reported evidence that it targets frequency converter drives used to control the speed of motors, and that the actual goal of the worm may be to disrupt nuclear programs. In particular, speculation has focused on Iran as a possible target, as it has been the site of many of Stuxnet's infections.Among the other zero-days Stuxnet has been observed using are the .LNK shortcut vulnerability, patched in August; a vulnerability in the Windows Print Spooler service (MS10-061), patched in September; and another privilege escalation issue (MS10-073), patched in a massive update in October.Early versions of the worm also spread without a vulnerability at all; instead abusing How Stuxnet Malware Used AutoRun Trick to Infect PCs - Security - News & Reviews to compromise machines through infected USB devices.Sursa: Exploit Code for Windows Zero-Day Targeted by Stuxnet Goes Public - Security - News & Reviews Quote Link to comment Share on other sites More sharing options...
mike_vio Posted March 9, 2011 Report Share Posted March 9, 2011 Cum se poate exploata acea vulnerabilitate a .lnk ? asa mai pe intelesul incepatorilor. Atat am gasit, "When Windows parses autorun.inf files the parsing is quite forgiving," he continued. "Specifically, any characters that are not understood as being part of legitimate AutoRun commands are skipped as garbage and parsing continues. Stuxnet uses this fact to its advantage by placing the MZ file first within the autorun.inf file. When Windows parses the autorun.inf file all of the MZ content will be ignored as garbage until the legitimate AutoRun commands that are appended at the end of the file are encountered" dar poate a studiat cineva mai mult problema tinand cont ca multi utilizatori isi opresc update-urile la windoz. Quote Link to comment Share on other sites More sharing options...
