Microsoft Fixes Stuxnet Rootkit Vulnerability

Today Microsoft released new patches for different windows operating system among the vulnerabilities fixed one that may be exploited by Stuxnet.

Stuxnet is a combination of rootkit, worm and Trojan that is spreading through removable drives using the Microsoft Windows Shortcut ‘LNK’ Files Automatic File Execution Vulnerability , at a previous case Siemens AG alerted that STUXNET has infected system supervisory control and data acquisition (SCADA).

Windows vulnerability allowed this dangerous worm to infect computers used to manage systems in airports, gas, Oil Company in Germany. While SCADA system is not connected to internet the worm spread itself on the LAN. Symantec stated that STUXNET are using print spooler vulnerability as it copies itself from one infected machine to another. The print spooler vulnerability itself allows for a file to be written to the %System% directory of a vulnerable machine. Stuxnet first uses this vulnerability to plant a copy of itself on a vulnerable machine and later it uses a feature of WBEM to achieve execution of that file on the remote machine.

Symantec has issued post that explain the worm component and how it can hook all Ntdll windows activities, the following image explain different Trojan component:

Curently there is nine bulletins has been released by Microsoft, four have received a maximum vulnerability impact rating of critical, the highest possible rating. Microsoft’s Jerry Bryant has posted on the technet blog graphs for the deployment priority and severity exportability index:

While there is critical vulnerabilities it is highly recomended to apply patches as soon as possible.

(If the images are not clear you can click to have the full size)

make sure you subscribe to my RSS feed!