Slashdot Mirror


Stuxnet Attacks Used 4 Windows Zero-Day Exploits

abadnog writes "The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into — and spread around — Microsoft's Windows operating system, according to a startling disclosure from Microsoft. Two of the four vulnerabilities are still unpatched. Microsoft said the attackers initially targeted the old MS08-067 vulnerability (used in the Conficker attack), a new LNK (Windows Shortcut) flaw to launch exploit code on vulnerable Windows systems and a zero-day bug in the Print Spooler Service that makes it possible for malicious code to be passed to, and then executed on, a remote machine. The malware also exploited two different elevation of privilege holes to gain complete control over the affected system."

7 of 67 comments

  1. Re:4 != for by MozeeToby · Score: 1, Informative

    Who else was all ready to flame about 4 being used to mean "for"?

    Fixed. And I'm legitimately trying to be helpful not just being a pain in the ass, it took me like 30 seconds to figure out what you were trying to say here.

  2. Re:4 != for by Anonymous Coward · Score: 1, Informative

    I think he complains about the rule that numbers smaller than 10 should be written in words. So the text should be "Four Windows..." not "4 Windows..." in the title.

  3. Re:4 != for by clone53421 · Score: 2, Informative

    it took me like 30 seconds to figure out what you were trying to say here

    Same here – but I actually figured it out as soon as I looked up and read TFHeadline.

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.

  4. Re:Zero Day? by GrumpySteen · Score: 4, Informative

    A zero-day vulnerability is widely recognized to be a vulnerability that is found only because it's being exploited, which is how the four vulnerabilities appear to have been discovered. I suspect that the author of the article reasoned that a zero-day vulnerability remains a zero-day vulnerability even after a patch is available for it.

    I don't think there are any guidelines for when, if ever, an exploit stops being called a zero-day vulnerability and becomes just a normal one.

  5. Re:Zero Day? by Anonymous Coward · Score: 2, Informative

    TFS lists 5 vulnerabilities, one identified as old (MS08-067). What gives you the impression that they are calling the known exploit a zero day instead of the remaining four (previously undisclosed) that they list? Generally when being pedantic it's best to ensure you aren't making a more obvious error.

  6. Re:Zero Day? by NatasRevol · Score: 4, Informative

    No, it can't. The article may use it that way, but it is incorrect.

    Zero-day means that there is a hack before there is knowledge or, obviously, a fix of it.

    http://en.wikipedia.org/wiki/Zero-day_attack

    --
    There are two types of people in the world: Those who crave closure

  7. Re:Zero Day? by Lord Ender · Score: 2, Informative

    Reference: common, universally-accepted infosec lingo.

    A zero-day exploit is an exploit which works against a zero-day vulnerability. As soon as a patch is released (day 1) neither the exploit nor the vulnerability is "zero-day" anymore.

    --
    A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.