Slashdot Mirror

← Back to Stories (view on slashdot.org)

Incomplete Microsoft Patch Left Machines Exposed To Stuxnet LNK Vulnerability

Posted by Soulskill on from the fixing-the-fix-that-fixed-not-much-at-all dept.

msm1267 writes: A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010. Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096). It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010. "That patch didn't completely address the .LNK issue in the Windows shell, and there were weaknesses left behind that have been resolved in this patch," said Brian Gorenc, manager of vulnerability research with HP's Zero Day Initiative. Gorenc said the vulnerability works on Windows machines going back to Windows XP through Windows 8.1, and the proof of concept exploit developed by Heerklotz and tweaked by ZDI evades the validation checks put in place by the original Microsoft security bulletin, CVE-2010-2568.

5 of 33 comments (clear)

  1. Re:Incomplete? by FlyHelicopters · · Score: 2

    The might have... if doing so allowed Iran to be set back by a few years on nuclear weapons development, I could see that happening...

    The question becomes, do the ends justify the means?

    Most people give a straight up "yes/no" answer to that question, however the reality is that it is a gray line. It isn't hard to come up with a situation where the answer is yes, even to the most die hard "no" person.

  2. Torrents? by viperidaenz · · Score: 3, Interesting

    Is this why there are torrents out there with a several hundred megabyte file with the name of a TV show ending in .mp4.lnk ?

  3. Full details are now avaiable by InfoSecGnome · · Score: 5, Informative

    Full details about how the 2010 patch failed are now available. Looks like they tried to do a whitelist check for approved CPL files, but it didn't work. There's a video too, although a video showing how to use regedit is only so useful. http://h30499.www3.hp.com/t5/H...

  4. yep yep by Kekke · · Score: 4, Funny

    Howdy. Its NSA here, You can patch the hole now, Stux is no use to us anymore.
    Micro$oft: Ok, wilco. See You at lunch.

  5. Re:Oh boy by Impy+the+Impiuos+Imp · · Score: 3, Funny

    Microsoft issued a statement, "Oops."

    In a completely unrelated story, federal government threats of anti-trust prosecutions of Microsoft are at an all-time low.

    --
    (-1: Post disagrees with my already-settled worldview) is not a valid mod option.