Slashdot Mirror


Stuxnet Attacks Used 4 Windows Zero-Day Exploits

abadnog writes "The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into — and spread around — Microsoft's Windows operating system, according to a startling disclosure from Microsoft. Two of the four vulnerabilities are still unpatched. Microsoft said the attackers initially targeted the old MS08-067 vulnerability (used in the Conficker attack), a new LNK (Windows Shortcut) flaw to launch exploit code on vulnerable Windows systems and a zero-day bug in the Print Spooler Service that makes it possible for malicious code to be passed to, and then executed on, a remote machine. The malware also exploited two different elevation of privilege holes to gain complete control over the affected system."

2 of 67 comments

  1. Re:Zero Day? by GrumpySteen · Score: 4, Informative

    A zero-day vulnerability is widely recognized to be a vulnerability that is found only because it's being exploited, which is how the four vulnerabilities appear to have been discovered. I suspect that the author of the article reasoned that a zero-day vulnerability remains a zero-day vulnerability even after a patch is available for it.

    I don't think there are any guidelines for when, if ever, an exploit stops being called a zero-day vulnerability and becomes just a normal one.

  2. Re:Zero Day? by NatasRevol · Score: 4, Informative

    No, it can't. The article may use it that way, but it is incorrect.

    Zero-day means that there is a hack before there is knowledge or, obviously, a fix of it.

    http://en.wikipedia.org/wiki/Zero-day_attack

    --
    There are two types of people in the world: Those who crave closure