Security Windows

Stuxnet Attacks Used 4 Windows Zero-Day Exploits

abadnog writes "The attackers behind the recent Stuxnet worm attack used four different zero-day security vulnerabilities to burrow into — and spread around — Microsoft's Windows operating system, according to a startling disclosure from Microsoft. Two of the four vulnerabilities are still unpatched. Microsoft said the attackers initially targeted the old MS08-067 vulnerability (used in the Conficker attack), a new LNK (Windows Shortcut) flaw to launch exploit code on vulnerable Windows systems and a zero-day bug in the Print Spooler Service that makes it possible for malicious code to be passed to, and then executed on, a remote machine. The malware also exploited two different elevation of privilege holes to gain complete control over the affected system."
This discussion has been archived. No new comments can be posted.

  • Re:4 != for (Score:2, Informative)

    by MozeeToby ( 1163751 ) on Tuesday September 14, 2010 @04:11PM (#33579638)

    Who else was all ready to flame about 4 being used to mean "for"?

    Fixed. And I'm legitimately trying to be helpful not just being a pain in the ass, it took me like 30 seconds to figure out what you were trying to say here.

  • Re:4 != for (Score:1, Informative)

    by Anonymous Coward on Tuesday September 14, 2010 @04:14PM (#33579694)
    I think he complains about the rule that numbers smaller than 10 should be written in words. So the text should be "Four Windows.." not "4 Windows.." in the title.
  • Re:4 != for (Score:3, Informative)

    by clone53421 ( 1310749 ) on Tuesday September 14, 2010 @04:57PM (#33580190) Journal

    it took me like 30 seconds to figure out what you were trying to say here

    Same here – but I actually figured it out as soon as I looked up and read TFHeadline.

  • Re:Zero Day? (Score:4, Informative)

    by GrumpySteen ( 1250194 ) on Tuesday September 14, 2010 @05:15PM (#33580412)

    A zero-day vulnerability is widely recognized to be a vulnerability that is found only because it's being exploited, which is how the four vulnerabilities appear to have been discovered. I suspect that the author of the article reasoned that a zero-day vulnerability remains a zero-day vulnerability even after a patch is available for it.

    I don't think there are any guidelines for when, if ever, an exploit stops being called a zero-day vulnerability and becomes just a normal one.

  • Re:Zero Day? (Score:2, Informative)

    by Anonymous Coward on Tuesday September 14, 2010 @05:34PM (#33580690)

    TFS lists 5 vulnerabilities, one identified as old (MS08-067). What gives you the impression that they are calling the known exploit a zero day instead of the remaining four (previously undisclosed) that they list? Generally when being pedantic it's best to ensure you aren't making a more obvious error.

  • Re:Zero Day? (Score:5, Informative)

    by NatasRevol ( 731260 ) on Tuesday September 14, 2010 @06:23PM (#33581258) Journal

    No, it can't. The article may use it that way, but it is incorrect.

    Zero-day means that there is a hack before there is knowledge or, obviously, a fix of it.

    http://en.wikipedia.org/wiki/Zero-day_attack

  • Re:Zero Day? (Score:3, Informative)

    by Lord Ender ( 156273 ) on Thursday September 16, 2010 @03:42PM (#33603450) Homepage

    Reference: common, universally-accepted infosec lingo.

    A zero-day exploit is an exploit which works against a zero-day vulnerability. As soon as a patch is released (day 1) neither the exploit nor the vulnerability is "zero-day" anymore.
