惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
WordPress大学
WordPress大学
宝玉的分享
宝玉的分享
人人都是产品经理
人人都是产品经理
博客园 - 聂微东
IT之家
IT之家
V
V2EX
Jina AI
Jina AI
V
Visual Studio Blog
有赞技术团队
有赞技术团队
博客园 - 司徒正美
博客园 - 叶小钗
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
小众软件
小众软件
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
博客园 - 三生石上(FineUI控件)
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
Google DeepMind News
Google DeepMind News
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
腾讯CDC
Google Online Security Blog
Google Online Security Blog
博客园 - 【当耐特】
Apple Machine Learning Research
Apple Machine Learning Research
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
N
News and Events Feed by Topic
N
News and Events Feed by Topic
The Last Watchdog
The Last Watchdog
W
WeLiveSecurity
月光博客
月光博客
Security Archives - TechRepublic
Security Archives - TechRepublic
Webroot Blog
Webroot Blog
SecWiki News
SecWiki News
博客园_首页
罗磊的独立博客
量子位
Latest news
Latest news
I
Intezer
V
Vulnerabilities – Threatpost
A
Arctic Wolf
Last Week in AI
Last Week in AI
Recent Commits to openclaw:main
Recent Commits to openclaw:main
S
SegmentFault 最新的问题
S
Security Affairs
阮一峰的网络日志
阮一峰的网络日志
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
酷 壳 – CoolShell
酷 壳 – CoolShell
P
Palo Alto Networks Blog
C
CXSECURITY Database RSS Feed - CXSecurity.com
N
News | PayPal Newsroom

stuxnet Archives - Security Affairs

Fast16: Pre-Stuxnet malware that targeted precision engineering software The role of a secret Dutch mole in the US-Israeli Stuxnet attack on Iran Iran hit by a more aggressive and sophisticated Stuxnet version Dragonfly 2.0: the sophisticated attack group is back with destructive purposes The Stuxnet vulnerability is still one of the most exploited flaws in the wild by hackers The alleged link between the Shadow Brokers data leak and the Stuxnet cyber weapon Malware posing as Siemens PLC application is targeting ICS worldwide SCADA Sssh! Don’t Talk, Filter it Shocking, a German nuclear plant suffered a disruptive cyber attack A malware was found in Iran petrochemical complexes, but it’s not linked to recent incidents
Microsoft Attempts To Fix Stuxnet For The Third Time
Pierluigi Paganini · 2017-08-05 · via stuxnet Archives - Security Affairs

Microsoft released a new security update on June 17th in an attempt to patch a vulnerability which allowed the Stuxnet Virus to exploit Windows systems.

The Stuxnet Virus which attacks Industrial Control Systems was first discovered in 2010 when it infected Iranian Programmable Logic Controllers.  Stuxnet compromises controllers by first targeting Windows operating systems and networks.  Propagating through infected Windows machines it locates Siemens software used to manage controllers. Stuxnet then collects information on the systems and in the case of the Iranian centrifuges caused them to malfunction, destroying the nuclear material they were enriching.

Stuxnet

Attempts by Microsoft to fix the vulnerability did not address how LNK files use attributes to identify folder location.  Microsoft’s explanation states LNK files were able to bypass the fix, resulting in a previously an unexpected vulnerability.

Affected Versions include:

  • Microsoft Windows 10 Version 1607 for 32-bit Systems
  • Microsoft Windows 10 Version 1607 for x64-based Systems
  • Microsoft Windows 10 for 32-bit Systems
  • Microsoft Windows 10 for x64-based Systems
  • Microsoft Windows 10 version 1511 for 32-bit Systems
  • Microsoft Windows 10 version 1511 for x64-based Systems
  • Microsoft Windows 10 version 1703 for 32-bit Systems
  • Microsoft Windows 10 version 1703 for x64-based Systems
  • Microsoft Windows 7 for 32-bit Systems SP1
  • Microsoft Windows 7 for x64-based Systems SP1
  • Microsoft Windows 8.1 for 32-bit Systems
  • Microsoft Windows 8.1 for x64-based Systems
  • Microsoft Windows RT 8.1
  • Microsoft Windows Server 2008 R2 for Itanium-based Systems SP1
  • Microsoft Windows Server 2008 R2 for x64-based Systems SP1
  • Microsoft Windows Server 2008 for 32-bit Systems SP2
  • Microsoft Windows Server 2008 for Itanium-based Systems SP2
  • Microsoft Windows Server 2008 for x64-based Systems SP2
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

Discovering Microsoft’s two previous attempts to fix the vulnerability had failed Microsoft released the June patch to address vulnerability CVE-2017-8464.  Microsoft confirmed that the flaw had been exploited in the wild. Exploits for the vulnerability are currently available for Metasploit, with videos available on Youtube on how to exploit the vulnerability.

According to an advisory published by the CERT Coordination Center at Carnegie Mellon University, hackers already know another method for bypassing Microsoft’s patches for the above issue.

“The fix for CVE-2010-2568 and the subsequent fix for CVE-2015-0096 are both insufficient in that they not take into account LNK files that use the SpecialFolderDataBlock or KnownFolderDataBlock attributes to specify the location of a folder. Such files are able to bypass the whitelisting first implemented in the fix for CVE-2010-2568,” CERT/CC said in its advisory.

“By convincing a user to display a specially-crafted shortcut file, an attacker may be able to execute arbitrary code with the privileges of the user. Depending on the operating system and AutoRun/AutoPlay configuration, this can happen automatically by connecting a USB device,” 

Additional steps can be taken to prevent the exploitation of this vulnerability by blocking outgoing connections on TCP and UDP ports 139 and 445.

Courtney Brack RabonCourtney “Brock” Rabon is KBRwyle’s Cyber Evangelist and has 11 years of experience helping Commercial and Federal clients meet their cyber security goals. He manages their Cyber Security Technologies Lab in Charleston, SC and can be reached at [email protected].

[adrotate banner=”9″] [adrotate banner=”12″]

Edited by Pierluigi Paganini

(Security Affairs –  Stuxnet, )

[adrotate banner=”13″]