Microsoft Fixes Stuxnet Rootkit Vulnerability

Today Microsoft released new patches for different windows operating system among the vulnerabilities fixed one that may be exploited by Stuxnet.

Stuxnet is a combination of rootkit, worm and Trojan that is spreading through removable drives using the Microsoft Windows Shortcut ‘LNK’ Files Automatic File Execution Vulnerability , at a previous case Siemens AG alerted that STUXNET has infected system supervisory control and data acquisition (SCADA).

Windows vulnerability allowed this dangerous worm to infect computers used to manage systems in airports, gas, Oil Company in Germany. While SCADA system is not connected to internet the worm spread itself on the LAN. Symantec stated that STUXNET are using print spooler vulnerability as it copies itself from one infected machine to another. The print spooler vulnerability itself allows for a file to be written to the %System% directory of a vulnerable machine. Stuxnet first uses this vulnerability to plant a copy of itself on a vulnerable machine and later it uses a feature of WBEM to achieve execution of that file on the remote machine.

Symantec has issued post that explain the worm component and how it can hook all Ntdll windows activities, the following image explain different Trojan component:

Curently there is nine bulletins has been released by Microsoft, four have received a maximum vulnerability impact rating of critical, the highest possible rating. Microsoft’s Jerry Bryant has posted on the technet blog graphs for the deployment priority and severity exportability index:

While there is critical vulnerabilities it is highly recomended to apply patches as soon as possible.

(If the images are not clear you can click to have the full size)

make sure you subscribe to my RSS feed!

Share
Subscribe
Notify of
guest
11 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments
trackback

[…] This post was mentioned on Twitter by Jovi Umawing, Seeb, Mourad Ben Lakhoua, Mourad ben lakhoua, Mourad ben lakhoua and others. Mourad ben lakhoua said: Microsoft Fixes Stuxnet Rootkit Vulnerability… http://fb.me/xCsVTKsC […]

trackback

“@MBenLakhoua: Microsoft Fixes Stuxnet Rootkit Vulnerability http://bit.ly/a5p6C3”

trackback

Microsoft Fixes Stuxnet Rootkit Vulnerability http://bit.ly/a5p6C3

trackback

RT @MBenLakhoua: Microsoft Fixes Stuxnet Rootkit Vulnerability http://bit.ly/a5p6C3 << via @sectechno >> #security #infosec …

trackback

RT @MBenLakhoua: Microsoft Fixes Stuxnet Rootkit Vulnerability http://bit.ly/a5p6C3 << via @sectechno >> #security #infosec …

trackback

RT @bartblaze: RT @Sectechno Microsoft Fixes Stuxnet Rootkit Vulnerability http://bit.ly/aMuq1n

trackback

RT @Sectechno Microsoft Fixes Stuxnet Rootkit Vulnerability http://bit.ly/aMuq1n

trackback

RT @MBenLakhoua: Microsoft Fixes Stuxnet Rootkit Vulnerability http://bit.ly/a5p6C3 << via @sectechno >> #security #infosec …

trackback

Microsoft Fixes Stuxnet Rootkit Vulnerability http://bit.ly/a5p6C3 << via @sectechno >> #security #infosec #Microsoft

trackback

#Microsoft_Fixes Stuxnet Rootkit #Vulnerability: [sectechno.com] Today Microsoft released #new_patches for different… http://dlvr.it/5GTtX

trackback

RT @MBenLakhoua: RT @sectechno: Microsoft Fixes Stuxnet Rootkit Vulnerability http://bit.ly/a5p6C3 #security #infosec #Microsoft