Exploit code for one of the zero-day vulnerabilities exploited by the Stuxnet worm has made its way online. There is still no patch currently available for the flaw, though Microsoft said one is forthcoming.
The code exploits a Windows Task Scheduler vulnerability and can be used to escalate privileges. The exploit code was added to the Exploit Database operated by Offensive Security.
The vulnerability was one of four zero-days used by the malware in its bid to compromise industrial control systems. The three others have all been patched since the worm was discovered this summer.
Researchers have spent the last several months trying to get to the bottom of the Stuxnet worm. Just recently, Symantec reported evidence that it targets frequency converter drives used to control the speed of motors and that the actual goal of the worm may be to disrupt nuclear programmes. In particular, speculation has focused on Iran as a possible target, as it has been the site of many of Stuxnet’s infections.
Among the other zero-days Stuxnet has been observed using are the .LNK shortcut vulnerability, patched in August; a vulnerability in the Windows Print Spooler service (MS10-061), patched in September; and another privilege escalation issue (MS10-073), patched in a massive update in October.
Early versions of the worm also spread without a vulnerability at all; instead abusing Windows’ AutoRun feature to compromise machines through infected USB devices.
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…