Despite a larger than usual Patch Tuesday addressing 13 vulnerabilities yesterday, Microsoft appears to have left out a few vulnerabilities that the Stuxnet worm exploits. First publicized in July attacking vulnerable systems via a Windows shortcut bug, Stuxnet apparently uses four additional zero-day bugs and two stolen digital certificates to game the OS’s escalation of privileges system, according to security researchers at Kaspersky Labs.
Yesterday’s Patch Tuesday was also notable because it included four critical updates for XP. A previously-known Stuxnet-exploit in Windows’ Print Spooler service was part of yesterday’s Patch Tuesday group. The Windows shortcut issue was patched in August.
The latest vulnerability that Stuxnet has been exploiting involves yet another bug in Windows’ Print Spooler service. This vulnerability affects Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, according to Microsoft. The attacker can take control of a computer by sending a specially crafted print request to a vulnerable system where the print spooler service is exposed without authentication.
Microsoft rated the hole “critical” for Windows XP but only “important” for the other supported versions of Windows.
Microsoft will be addressing these isses.
“These are local EoP issues which means that an attacker, in this case Stuxnet, already has permission to run code on the system or has compromised the system through some other means,” wrote Jerry Bryant, group manager of Microsoft’s Response Commuications on the blog.
First reported by security vendor VirusBlokAda, the worm targeted Siemens’ Simatic WinCC and PCS 7 software, which run on industrial control systems. This has minimized the worm outbreak, as most operators separate the control network from business and public networks.