Stuxnet patch didn't work

Stefan Mileschin · 12th March 2015, 07:23

Microsoft's Stuxnet patch did not work properly and has left users open to the vulnerablity for five years.

Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096). It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010.
The .LNK vulnerability was targeted by Stuxnet as it tried to take apart Iran’s nuclear program. German researcher Michael Heerklotz in January reported the new findings to HP’s Zero Day Initiative.

LNK files define shortcuts to files or directories; Windows allows them to use custom icons from control panel files (.CPL). In Windows, ZDI said, those icons are loaded from modules, either executables or DLLs; CPLs are DLLs. An attacker is able to then define which executable module would be loaded, and use the .LNK file to execute arbitrary code inside of the Windows shell.

Oddly the vulnerability does not seem to have been exploited in the wild, although the a Metasploit module has been available since 2010 and has been used in countless tests.

http://fudzilla.com/news/37237-stuxn...ch-didn-t-work

12th March 2015, 07:23	#1
Stefan Mileschin [M] Reviewer Join Date: May 2010 Location: Romania Posts: 148,500	Stuxnet patch didn't work Microsoft's Stuxnet patch did not work properly and has left users open to the vulnerablity for five years. Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096). It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010. The .LNK vulnerability was targeted by Stuxnet as it tried to take apart Iran’s nuclear program. German researcher Michael Heerklotz in January reported the new findings to HP’s Zero Day Initiative. LNK files define shortcuts to files or directories; Windows allows them to use custom icons from control panel files (.CPL). In Windows, ZDI said, those icons are loaded from modules, either executables or DLLs; CPLs are DLLs. An attacker is able to then define which executable module would be loaded, and use the .LNK file to execute arbitrary code inside of the Windows shell. Oddly the vulnerability does not seem to have been exploited in the wild, although the a Metasploit module has been available since 2010 and has been used in countless tests. http://fudzilla.com/news/37237-stuxn...ch-didn-t-work

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
RSA didn't let the NSA in through the backdoor	Stefan Mileschin	WebNews	0	24th December 2013 14:47
Stuxnet encouraged Iran to boost cyber war capabilities	Stefan Mileschin	WebNews	0	21st January 2013 07:16
Stuxnet pinned on US and Israel as an out-of-control creation	Stefan Mileschin	WebNews	0	4th June 2012 08:13
Obama administration admits the USA was behind Stuxnet	Stefan Mileschin	WebNews	0	4th June 2012 08:09
Stuxnet was planted by Israeli backed terrorists	Stefan Mileschin	WebNews	0	16th April 2012 06:38
Stuxnet Worm Revisited by 60 Minutes	Stefan Mileschin	WebNews	0	5th March 2012 07:17
CPU Shipments Increase in Q2, Demand for PCs Didn't	jmke	WebNews	0	10th August 2009 14:47
Microsoft Patch Tuesday: 5 Criticals, 2 Important, 1 Moderate Patch	jmke	WebNews	0	14th April 2009 18:47
NYT: Yang Says Microsoft Didn’t Want to Negotiate	Shogun	WebNews	0	6th May 2008 22:22
BioShock to get Widescreen Patch and Install Limit Patch	jmke	WebNews	1	24th August 2007 17:40