Exploit code for still unpatched 0-day used by Stuxnet released
Posted on 23 November 2010.
After Stuxnet hit, it was discovered that it took advantage of four previously unknown Windows zero-day vulnerabilities to spread and compromise targeted systems.

Three of those have already been patched by Microsoft - the LNK vulnerability, the vulnerability located in the Print Spooler service, and a Windows XP local privilege escalation flaw - but the fourth one still remains unpatched.

That wouldn't be such a major problem, if it weren't for the fact that someone whose Internet handle is webDEViL hadn't released Proof-of-Concept exploit code for it.

While we could all use an out-of-band patch to plug the hole, it is doubtful that Microsoft will provide one since the flaw can be abused only if the attacker has already managed to access a limited account on the compromised system.






Spotlight

Over 225,000 Apple accounts compromised via iOS malware

Researchers from Palo Alto Networks and WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware. All in all, some 225,000 valid Apple accounts have been compromised.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  
DON'T
MISS

Tue, Sep 1st
    COPYRIGHT 1998-2015 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //