Skip to main content

Microsoft overlooks four Stuxnet zero-day bugs in Patch Tuesday

Despite a larger than usual Patch Tuesday addressing 13 vulnerabilities yesterday, Microsoft appears to have left out a few vulnerabilities that the Stuxnet worm exploits. First publicized in July attacking vulnerable systems via a Windows shortcut bug, Stuxnet apparently uses four additional zero-day bugs and two stolen digital certificates to game the OS’s escalation of privileges system, according to security researchers at Kaspersky Labs.

Yesterday’s Patch Tuesday was also notable because it included four critical updates for XP. A previously-known Stuxnet-exploit in Windows’ Print Spooler service was part of yesterday’s Patch Tuesday group. The Windows shortcut issue was patched in August.

The latest vulnerability that Stuxnet has been exploiting involves yet another bug in Windows’ Print Spooler service.  This vulnerability affects Windows XP, Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, according to Microsoft. The attacker can take control of a computer by sending a specially crafted print request to a vulnerable system where the print spooler service is exposed without authentication.

Microsoft rated the hole  “critical” for Windows XP but only “important” for the other supported versions of Windows.

Microsoft will be addressing these isses.

“These are local EoP issues which means that an attacker, in this case Stuxnet, already has permission to run code on the system or has compromised the system through some other means,” wrote Jerry Bryant, group manager of Microsoft’s Response Commuications on the blog.

First reported by security vendor VirusBlokAda, the worm targeted Siemens’ Simatic WinCC and PCS 7 software, which run on industrial control systems. This has minimized the worm outbreak, as most operators separate the control network from business and public networks.

Editors' Recommendations

Fahmida Y. Rashid
Former Digital Trends Contributor
The best MacBook to buy in 2024
Apple MacBook Pro 16 downward view showing keyboard and speaker.

Now that Apple has started outfitting its laptops with its M3 generation of chips, it's time to take another look at which is the best MacBook to buy in 2024. That’s not always easy, though, as buying the newest MacBook isn’t always the right decision. Apple has several tiers of performance, as well as various sizes, which can further complicate the matter.

What’s more, you can also still get M1 and M2 MacBooks, some from Apple’s own website and some from third-party retailers. But are they still worth your money? Our guide should help you decide.

Read more
9 best laptops of 2024: tested and reviewed
The MacBook Air on a white table.

To earn the crown as the best laptop in 2024, a device needs to have it all: gorgeous design, killer performance, a productive keyboard, long-lasting battery life, and much more.

Each of the laptops below has been vetted thoroughly by Digital Trends. Whether it's an affordable Chromebook or a top-of-the-line gaming laptop, they've all been subjected to real-world testing, as well as benchmark and battery tests, to collect enough data to objectively pit them against each other.

Read more
All the ways Intel Macs are still better than Apple Silicon Macs
cheap macbook deals

MacBooks are pretty amazing these days. Thanks to the efficiency of Apple Silicon, you get all-day battery life, as well as the ability to edit videos when unplugged from power. The new MacBook Air with the M3 chip is even good enough for gaming.

All of that is in contrast to the Intel Macs of the past.

Read more