According to eWEEK, security researchers say that the Stuxnet worm has been targeting four zero-day vulnerabilities in Windows in an effort to infect industrial control systems.
In July, a security researcher published a working exploit of a critical Windows vulnerability that was initially being used to spread the Stuxnet worm via USB drives. Microsoft released an out-of-band patch to address the vulnerability.
However, the malware has been exploiting multiple zero-day bugs. As CNET News notes, Microsoft's September Patch Tuesday patched a secondary propagation method used by the worm, a bug in the Print Spooler Service. Still, two elevation-of-privilege vulnerabilities remain unpatched.