Exploit code for still unpatched 0-day used by Stuxnet released
Posted on 23 November 2010.
After Stuxnet hit, it was discovered that it took advantage of four previously unknown Windows zero-day vulnerabilities to spread and compromise targeted systems.

Three of those have already been patched by Microsoft - the LNK vulnerability, the vulnerability located in the Print Spooler service, and a Windows XP local privilege escalation flaw - but the fourth one still remains unpatched.

That wouldn't be such a major problem, if it weren't for the fact that someone whose Internet handle is webDEViL hadn't released Proof-of-Concept exploit code for it.

While we could all use an out-of-band patch to plug the hole, it is doubtful that Microsoft will provide one since the flaw can be abused only if the attacker has already managed to access a limited account on the compromised system.






Spotlight

The role of the cloud in the modern security architecture

Posted on 31 July 2014.  |  Stephen Pao, General Manager, Security Business at Barracuda Networks, offers advice to CISOs concerned about moving the secure storage of their documents into the cloud and discusses how the cloud shaping the modern security architecture.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Aug 1st
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //