Microsoft Patches Stuxnet Vulnerability

Microsoft released 16 security bulletins today as part of a massive Patch
Tuesday update.

The record-breaking update includes fixes for 49
security vulnerabilities
affecting Windows, Internet Explorer, Microsoft
Office and the .NET Framework. Mixed in with
the fixes is a patch for one of the zero-day vulnerabilities
used by
the Stuxnet worm. According to Symantec’s Joshua Talbot, Stuxnet–which
targets industrial control systems–exploited a privilege escalation
vulnerability in the Windows kernel-mode drivers.

"Stuxnet uses the Win32 Keyboard Layout Vulnerability to gain
administrator privileges on infected computer systems," explained Talbot,
security intelligence manager for Symantec Security Response. "This
functionality ensures that none of the threat’s malicious actions get blocked
on targeted systems due to lack of permission."

The patch means there is still one zero-day used by the malware that remains
open. However, the most urgent patches released today are unrelated to
Stuxnet, some said.

For more, read the eWeek article Microsoft Patches Stuxnet Vulnerability in Massive Security Update.

CIO Insight Staff
CIO Insight Staff
CIO Insight offers thought leadership and best practices in the IT security and management industry while providing expert recommendations on software solutions for IT leaders. It is the trusted resource for security professionals who need network monitoring technology and solutions to maintain regulatory compliance for their teams and organizations.

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.

Latest Articles