
Incomplete Microsoft Patch Left Machines Exposed To Stuxnet LNK Vulnerability

msm1267 writes: A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010. Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096). It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010. "That patch didn't completely address the .LNK issue in the Windows shell, and there were weaknesses left behind that have been resolved in this patch," said Brian Gorenc, manager of vulnerability research with HP's Zero Day Initiative. Gorenc said the vulnerability works on Windows machines going back to Windows XP through Windows 8.1, and the proof of concept exploit developed by Heerklotz and tweaked by ZDI evades the validation checks put in place by the original Microsoft security bulletin, CVE-2010-2568.

  • This is going to get ugly
    • Yep, my steam turbines are going to fail earlier than I thought. Hate it when that happens
  • Torrents? (Score:4, Interesting)

    by viperidaenz ( 2515578 ) on Tuesday March 10, 2015 @03:30PM (#49227927)

    Is this why there are torrents out there with a several hundred megabyte file with the name of a TV show ending in .mp4.lnk ?

    • by Anonymous Coward

      Download it, let us know how it turns out for you!

  • I don't even read Slashdot "stories" about Microsoft anymore, because most are just obvious "troll" or click-bait aimed at the anti-microsofties that prevail at Slashdot.

    Soylentnews.com is a great site.

    • I don't even read Slashdot "stories" about Microsoft anymore, because most are just obvious "troll" or click-bait aimed at the anti-microsofties that prevail at Slashdot.

      Soylentnews.com is a great site.

      http://soylentnews.org/article.pl?sid=15/03/01/1949210 [soylentnews.org] Are you sure?

    • They don't even have a mobile website. Do they really think this year will be the year of desktops?
    • Look I'm pissed off with slashdot as much as the next guy, but soylentnews looks so shit it is unreadable. I feel like I'm reading some 1994 VGA text in horrible 4 bit colours. I'm glad they want to do better, but they're going to have to try a bit harder than that.
  • Doesn't exist on so many levels it is now passé.

    • by Anonymous Coward

      They don't want you to be secure FROM THEM, even if that opens you up to everyone else. Who the fuck are you, if you don't have an acronym after your name?

  • by InfoSecGnome ( 4035697 ) on Tuesday March 10, 2015 @04:04PM (#49228231)
    Full details about how the 2010 patch failed are now available. Looks like they tried to do a whitelist check for approved CPL files, but it didn't work. There's a video too, although a video showing how to use regedit is only so useful. http://h30499.www3.hp.com/t5/H... [hp.com]
  • yep yep (Score:4, Funny)

    by Kekke ( 236130 ) on Tuesday March 10, 2015 @05:12PM (#49228839) Journal

    Howdy. It's NSA here, You can patch the hole now, Stux is no use to us anymore.
    Micro$oft: Ok, wilco. See You at lunch.

  • why all my centrifuges just blew up.

    Curse You Microsoft!
