Makerere University

Enter a keyword or two into the search box above and click search..

Windows PCs vulnerable to Stuxnet attack — five years after patch

You are here

The only thing worse than a critical flaw that’s quietly exploited for years is a critical flaw that’s supposedly patched. That’s the situation the entire Windows world is in today, now that HP has released details on a critical vulnerability within the original Stuxnet patch Microsoft released way back in 2010.

First, a bit of history is in order. Stuxnet has the distinction of being one of the few computer viruses to cause verified damage in the real world. First discovered in June, 2010 it was reportedly used to destroy up to one-fifth of Iranian centrifuges and to delay that country’s nuclear ambitions. Stuxnet functions by targeting the rotation speeds of very specific motors, spinning them up and then immediately spinning them down again.

Stuxnet

Stuxnet had a number of characteristics that distinguished it from conventional payloads. It was highly targeted to only activate in precise conditions and it could spread across air-gapped computers through the use of USB keys, even if Autorun was disabled on the target systems. It relied on no fewer than four zero-day attacks and had rootkits in both kernel and usermode — in short, it was a nasty, highly particular, and highly targeted piece of work. One of the ways that Stuxnet spread was through a vulnerability in LNK files.

By default, Windows allows .LNK files (which define shortcuts) to use custom icons from Control Panel files (CPL files). The problem is, these CPL files are actually DLLs, or Dynamic Link Libraries. It was therefore possible to load arbitrary code within a Windows shell session simply by displaying an icon.

Microsoft released a patch for Stuxnet, MS10-046, by the end of August — but according to HP’s Zero Day Initiative, that patch had serious holes in it. Attackers were more than capable of reverse-engineering that patch and finding these loopholes, then crafting solutions that dodged Microsoft’s own security efforts. The virus lived on in any case, eventually making it aboard the International Space Station.

HP doesn’t pull its punches in its blog post, noting that “The patch failed. And for more than four years, all Windows systems have been vulnerable to exactly the same attack that Stuxnet used for initial deployment.” Microsoft’s new update, MS15-020, is supposed to seal the gaps left open five years ago, though further analysis will be needed to tell if that’s the case.

For more information go to the link below

[source] http://www.extremetech.com/computing/200898-windows-pcs-vulnerable-to-stuxnet-attack-five-years-after-patches

Category: