Symantec vient de publier une nouvelle version de son étude sur Stuxnet. 4 nouvelles vulnérabilités de jour zéro utilisées, c’est probablement du jamais vu!
Voici les détails sur 3 des 4 des vulnérabilités:
- Exécution automatique des Shortcut
- Exécution distante via le Windows “spooler”
- Exécution à distance via RPC
On peut voir qu’il existe du code existant qu’on peut utiliser pour les exploiter. Il faut mettre nos Windows à jour!
Check this out, 4 zero-day vulnerabilities exploited in Stuxnet with an estimated development group of 5 to 10 developers during 6 months: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdfWe may need to look into the other vulnerabilities to see if they were properly patched (print spooler, RPC…)? Here’s some background on the (3 of 4) identified vulnerabilities. The exploit tab shows that there are available code samples to help future attackers…:http://www.securityfocus.com/bid/41732: Shortcut automatic file executionhttp://www.securityfocus.com/bid/43073: Print spooler remote code executionhttp://www.securityfocus.com/bid/31874: RPC handling remote code executionApparently also that the LNK vulnerability has been used before in 2008. That’s a damn long zero-day if it’s really true!
No comments:
Post a Comment