Slashdot Mirror

← Back to Stories (view on slashdot.org)

Incomplete Microsoft Patch Left Machines Exposed To Stuxnet LNK Vulnerability

Posted by Soulskill on from the fixing-the-fix-that-fixed-not-much-at-all dept.

msm1267 writes: A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010. Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096). It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010. "That patch didn't completely address the .LNK issue in the Windows shell, and there were weaknesses left behind that have been resolved in this patch," said Brian Gorenc, manager of vulnerability research with HP's Zero Day Initiative. Gorenc said the vulnerability works on Windows machines going back to Windows XP through Windows 8.1, and the proof of concept exploit developed by Heerklotz and tweaked by ZDI evades the validation checks put in place by the original Microsoft security bulletin, CVE-2010-2568.

20 of 33 comments (clear)

  1. Oh boy by hyperar · · Score: 1

    This is going to get ugly

    1. Re:Oh boy by bhcompy · · Score: 1

      Yep, my steam turbines are going to fail earlier than I thought. Hate it when that happens

    2. Re:Oh boy by Impy+the+Impiuos+Imp · · Score: 3, Funny

      Microsoft issued a statement, "Oops."

      In a completely unrelated story, federal government threats of anti-trust prosecutions of Microsoft are at an all-time low.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
  2. Re:Incomplete? by FlyHelicopters · · Score: 2

    The might have... if doing so allowed Iran to be set back by a few years on nuclear weapons development, I could see that happening...

    The question becomes, do the ends justify the means?

    Most people give a straight up "yes/no" answer to that question, however the reality is that it is a gray line. It isn't hard to come up with a situation where the answer is yes, even to the most die hard "no" person.

  3. Torrents? by viperidaenz · · Score: 3, Interesting

    Is this why there are torrents out there with a several hundred megabyte file with the name of a TV show ending in .mp4.lnk ?

    1. Re:Torrents? by Anonymous Coward · · Score: 1

      Download it, let us know how it turns out for you!

  4. Re:Incomplete? by TheCastro1689 · · Score: 1

    Companies have the power and backing to crush you, while other software companies don't. Even after the whole monopoly busting thing I'm sure MS and it's richer employees have bought many politicians and other government workers.

  5. SoylentNews Rocks by Frosty+Piss · · Score: 1

    I don't even read Slashdot "stories" about Microsoft anymore, because most are just obvious "troll" or click-bait aimed at the anti-microsofties that prevail at Slashdot.

    Soylentnews.com is a great site.

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:SoylentNews Rocks by Anonymous Coward · · Score: 1

      Go fuck yourself with the plastic fake penis your mother gave you when you wanted to explore your rectum.

    2. Re:SoylentNews Rocks by muirhead · · Score: 1

      I don't even read Slashdot "stories" about Microsoft anymore, because most are just obvious "troll" or click-bait aimed at the anti-microsofties that prevail at Slashdot.

      Soylentnews.com is a great site.

      http://soylentnews.org/article.pl?sid=15/03/01/1949210 Are you sure?

    3. Re: SoylentNews Rocks by LocutusOfBorg1 · · Score: 1

      They don't even have a mobile website. Do they really think this year will be the year of desktops?

    4. Re:SoylentNews Rocks by Jack+Griffin · · Score: 1

      Look I'm pissed off with slashdot as much as the next guy, but soylentnews looks so shit it is unreadable. I feel like I'm reading some 1994 VGA text in horrible 4 bit colours. I'm glad they want to do better, but they're going to have to try a bit harder than that.

  6. Re:Incomplete? by Anonymous Coward · · Score: 1

    I've been a software engineer at MS off and on for 15+ years. I've never seen any agreement that said I could not discuss my work there. Make up your mind: is everything MS ever does insecure, or is it secure enough that they have to leave in back doors intentionally?

  7. Secure Consumer OS = Oxymoron by BoRegardless · · Score: 1

    Doesn't exist on so many levels it is now passé.

    1. Re:Secure Consumer OS = Oxymoron by Anonymous Coward · · Score: 1

      They don't want you to be secure FROM THEM, even if that opens you up to everyone else. Who the fuck are you, if you don't have an acronym after your name?

  8. Full details are now avaiable by InfoSecGnome · · Score: 5, Informative

    Full details about how the 2010 patch failed are now available. Looks like they tried to do a whitelist check for approved CPL files, but it didn't work. There's a video too, although a video showing how to use regedit is only so useful. http://h30499.www3.hp.com/t5/H...

  9. yep yep by Kekke · · Score: 4, Funny

    Howdy. Its NSA here, You can patch the hole now, Stux is no use to us anymore.
    Micro$oft: Ok, wilco. See You at lunch.

  10. Now I know by Virtucon · · Score: 1

    why all my centrifuges just blew up.

    Curse You Microsoft!

    --
    Harrison's Postulate - "For every action there is an equal and opposite criticism"
    1. Re:Now I know by whoever57 · · Score: 1

      With your username, that's an excellent joke!

      --
      The real "Libtards" are the Libertarians!
  11. Re:Incomplete? by drinkypoo · · Score: 1

    Even after the whole monopoly busting thing

    What monopoly-busting thing? The DoJ found Microsoft guilty of having abused its monopoly position, then Ashcroft (under Bush) excused them for their wrongdoing and nothing happened.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"