Exploit code for still unpatched 0-day used by Stuxnet released
Posted on 23 November 2010.
After Stuxnet hit, it was discovered that it took advantage of four previously unknown Windows zero-day vulnerabilities to spread and compromise targeted systems.

Three of those have already been patched by Microsoft - the LNK vulnerability, the vulnerability located in the Print Spooler service, and a Windows XP local privilege escalation flaw - but the fourth one still remains unpatched.

That wouldn't be such a major problem, if it weren't for the fact that someone whose Internet handle is webDEViL hadn't released Proof-of-Concept exploit code for it.

While we could all use an out-of-band patch to plug the hole, it is doubtful that Microsoft will provide one since the flaw can be abused only if the attacker has already managed to access a limited account on the compromised system.






Spotlight

Biggest ever cyber security exercise in Europe is underway

Posted on 30 October 2014.  |  More than 200 organisations and 400 cyber-security professionals from 29 European countries are testing their readiness to counter cyber-attacks in a day-long simulation, organised by the European Network and Information Security Agency (ENISA).


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Oct 30th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //