Slashdot Mirror

← Back to Stories (view on slashdot.org)

Stuxnet Attacks Used 4 Windows Zero-Day Exploits

Posted by CmdrTaco on from the i'll-exploit-you dept.

abadnog writes "The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into — and spread around — Microsoft's Windows operating system, according to a startling disclosure from Microsoft. Two of the four vulnerabilities are still unpatched. Microsoft said the attackers initially targeted the old MS08-067 vulnerability (used in the Conficker attack), a new LNK (Windows Shortcut) flaw to launch exploit code on vulnerable Windows systems and a zero-day bug in the Print Spooler Service that makes it possible for malicious code to be passed to, and then executed on, a remote machine. The malware also exploited two different elevation of privilege holes to gain complete control over the affected system."

1 of 67 comments (clear)

  1. That's why I also run Windows.... by rts008 · · Score: 0, Troll

    I like user-friendly[1] screen doors to enter my submarine! ;-)

    Ghahh! Where's all of that water coming from?
    All hands, 'Abandon ship!'

    [1] and hacker/cracker friendly, spammer friendly, gov't. friendly, and criminal friendly

    --
    Down With Slashdot BETA!!! I've been around the corner and seen the oliphant; you can only abuse me from your perspecti