Microsoft Stuxnet Patch Coming in the 'Near Future'

Sue Marquette Poremba
Slide Show

Five Places Where Malware Hides

Malware has to live somewhere. And while some Web filtering solutions can detect known malware hosts, most malware hides in sites that are otherwise benign.

Move over Zeus. Stuxnet is now stealing all the headlines. Not that I think Zeus is any less evil, nor is it going away. The problem is, Stuxnet is perhaps even more evil and depending on how it is targeted, can do irreparable damage to an already fragile utility infrastructure.


The concern now is whether or not Stuxnet is being taken seriously enough. An article at stated that:

Exploit code for one of the zero-day vulnerabilities exploited by the Stuxnet worm has made its way online. The code exploits a Windows Task Scheduler vulnerability, and can be used to escalate privileges. The exploit code was added to the Exploit Database operated by Offensive Security Nov. 20. There is no patch currently available for the flaw, though Microsoft said one is forthcoming.

When that fix is coming, however, is the question. An article at The Tech Herald reported that Microsoft only stated that a fix is coming in the near future, which could be on the next Patch Tuesday or sometime well into next year. As the folks at Help Net Security said, that wouldn't be a huge problem, except:

if it weren't for the fact that someone whose Internet handle is webDEViL hadn't released Proof-of-Concept exploit code for it.

While we could all use an out-of-band patch to plug the hole, it is doubtful that Microsoft will provide one since the flaw can be abused only if the attacker has already managed to access a limited account on the compromised system.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.




Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.