Microsoft Patches Stuxnet Vulnerability
Microsoft released 16 security bulletins today as part of a massive Patch Tuesday update.
The record-breaking update includes fixes for 49 security vulnerabilities affecting Windows, Internet Explorer, Microsoft Office and the .NET Framework. Mixed in with the fixes is a patch for one of the zero-day vulnerabilities used by the Stuxnet worm. According to Symantec's Joshua Talbot, Stuxnet--which targets industrial control systems--exploited a privilege escalation vulnerability in the Windows kernel-mode drivers.
"Stuxnet uses the Win32 Keyboard Layout Vulnerability to gain administrator privileges on infected computer systems," explained Talbot, security intelligence manager for Symantec Security Response. "This functionality ensures that none of the threat's malicious actions get blocked on targeted systems due to lack of permission."
The patch means there is still one zero-day used by the malware that remains open. However, the most urgent patches released today are unrelated to Stuxnet, some said.
For more, read the eWeek article Microsoft Patches Stuxnet Vulnerability in Massive Security Update.
The Role of Standards in Cloud Security
Security is often cited as a primary cause for concern...Watch Now
Ensuring Resources for Mission Critical Workloads
Application workloads can thrive in cloud environments,...Watch Now
Improving Security in the Public Cloud
One of the main concerns about moving data to a public...Watch Now