Slashdot Mirror


Stuxnet Attacks Used 4 Windows Zero-Day Exploits

abadnog writes "The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into — and spread around — Microsoft's Windows operating system, according to a startling disclosure from Microsoft. Two of the four vulnerabilities are still unpatched. Microsoft said the attackers initially targeted the old MS08-067 vulnerability (used in the Conficker attack), a new LNK (Windows Shortcut) flaw to launch exploit code on vulnerable Windows systems and a zero-day bug in the Print Spooler Service that makes it possible for malicious code to be passed to, and then executed on, a remote machine. The malware also exploited two different elevation of privilege holes to gain complete control over the affected system."

4 of 67 comments

  1. Well, at least by by+(1706743) · · Score: 4, Funny

    ...zero-day bug in the Print Spooler Service...

    it won't affect the iPad!

    Yeah, yeah, -1 Troll, -1 Flamebait, -1 Offtopic...

  2. Re:Zero Day? by CannonballHead · · Score: 4, Insightful

    define: zero day
    Pertaining to the day on which software is released; New; as yet unpatched

    So it sounds like zero day means that it was present in the unpatched version?

    That said, the summary says nothing about patched vs. unpatched. There would be a great outcry if a vulnerability in Linux/OSS was exploited, even though that vulnerability was already patched, and the summary failed to mention that the only reason it was exploited was because the system was NOT patched...

  3. Re:Zero Day? by GrumpySteen · · Score: 4, Informative

    A zero-day vulnerability is widely recognized to be a vulnerability that is found only because it's being exploited, which is how the four vulnerabilities appear to have been discovered. I suspect that the author of the article reasoned that a zero-day vulnerability remains a zero-day vulnerability even after a patch is available for it.

    I don't think there are any guidelines for when, if ever, an exploit stops being called a zero-day vulnerability and becomes just a normal one.

  4. Re:Zero Day? by NatasRevol · · Score: 4, Informative

    No, it can't. The article may use it that way, but it is incorrect.

    Zero-day means that there is a hack before there is knowledge or, obviously, a fix of it.

    http://en.wikipedia.org/wiki/Zero-day_attack

    --
    There are two types of people in the world: Those who crave closure