Tuesday, November 23, 2010

Exploit Code For Stuxnet Windows Task Scheduler Bug Posted

Via Threatpost.com -

Exploit code is now publicly available for one of the four previously undisclosed Windows vulnerabilities that the Stuxnet worm exploits. The availability of exploit code for the Windows Task Scheduler bug used by Stuxnet makes the bug somewhat more dangerous, as there is currently no patch available for the flaw.

The Windows Task Scheduler exploit code was added to the Exploit Database over the weekend and is designed for use against systems running Windows Vista, Windows 7 or Windows Server 2008. The Task Scheduler bug is just one of several vulnerabilities that the Stuxnet worm uses in its attack routine. It's one of the less severe of that group of flaws, in that it's only used for privilege escalation once an attacker has already compromised a machine.

Microsoft has not released a patch for the Task Scheduler vulnerability as yet. The company has patched three other bugs used by Stuxnet, including the LNK flaw that was one of the things that originally brought the worm to researchers' attention earlier this year.


---------------------------------------------------------------------------------------------------------------------------

On Saturday, Nov 20th, the unpatched Task Scheduler exploit was also added to Metasploit.

https://www.metasploit.com/redmine/projects/framework/repository/revisions/11079/changes/scripts/meterpreter/schelevator.rb

No comments:

Post a Comment