Incomplete Microsoft Patch Left Machines Exposed To Stuxnet LNK Vulnerability 33
msm1267 writes: A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010. Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096). It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010. "That patch didn't completely address the .LNK issue in the Windows shell, and there were weaknesses left behind that have been resolved in this patch," said Brian Gorenc, manager of vulnerability research with HP's Zero Day Initiative. Gorenc said the vulnerability works on Windows machines going back to Windows XP through Windows 8.1, and the proof of concept exploit developed by Heerklotz and tweaked by ZDI evades the validation checks put in place by the original Microsoft security bulletin, CVE-2010-2568.
Oh boy (Score:1)
Re: (Score:3, Funny)
Microsoft issued a statement, "Oops."
In a completely unrelated story, federal government threats of anti-trust prosecutions of Microsoft are at an all-time low.
Re: (Score:2)
Re: (Score:3)
The might have... if doing so allowed Iran to be set back by a few years on nuclear weapons development, I could see that happening...
The question becomes, do the ends justify the means?
Most people give a straight up "yes/no" answer to that question, however the reality is that it is a gray line. It isn't hard to come up with a situation where the answer is yes, even to the most die hard "no" person.
Re: (Score:2)
Re: (Score:2)
Even after the whole monopoly busting thing
What monopoly-busting thing? The DoJ found Microsoft guilty of having abused its monopoly position, then Ashcroft (under Bush) excused them for their wrongdoing and nothing happened.
Re: (Score:1)
I've been a software engineer at MS off and on for 15+ years. I've never seen any agreement that said I could not discuss my work there. Make up your mind: is everything MS ever does insecure, or is it secure enough that they have to leave in back doors intentionally?
Torrents? (Score:4, Interesting)
Is this why there are torrents out there with a several hundred megabyte file with the name of a TV show ending in .mp4.lnk ?
Re: (Score:1)
Download it, let us know how it turns out for you!
SoylentNews Rocks (Score:2)
I don't even read Slashdot "stories" about Microsoft anymore, because most are just obvious "troll" or click-bait aimed at the anti-microsofties that prevail at Slashdot.
Soylentnews.com is a great site.
Re: (Score:1)
Go fuck yourself with the plastic fake penis your mother gave you when you wanted to explore your rectum.
Re: (Score:2)
I don't even read Slashdot "stories" about Microsoft anymore, because most are just obvious "troll" or click-bait aimed at the anti-microsofties that prevail at Slashdot.
Soylentnews.com is a great site.
http://soylentnews.org/article.pl?sid=15/03/01/1949210 [soylentnews.org] Are you sure?
Re: SoylentNews Rocks (Score:1)
Re: (Score:2)
Secure Consumer OS = Oxymoron (Score:2)
Doesn't exist on so many levels it is now passé.
Re: (Score:1)
They don't want you to be secure FROM THEM, even if that opens you up to everyone else. Who the fuck are you, if you don't have an acronym after your name?
Full details are now avaiable (Score:5, Informative)
yep yep (Score:4, Funny)
Howdy. Its NSA here, You can patch the hole now, Stux is no use to us anymore.
Micro$oft: Ok, wilco. See You at lunch.
Now I know (Score:2)
why all my centrifuges just blew up.
Curse You Microsoft!
Re: (Score:2)