Patch Management

Microsoft tries, again, to plug Stuxnet attack path

March 11, 2015

More than four years ago, Microsoft released a patch to mitigate a Stuxnet attack leveraging USB drives – but this month's Patch Tuesday update marks another attempt by the company to rectify the security issue.

On Tuesday, HP published a blog post on Microsoft's first “failed” Stuxnet fix, MS10-046, the same day the tech giant released MS15-020, a critical patch that would thwart similar exploitation.

HP explained that the initial infection vector for Stuxnet was a USB drive “that took advantage of a vulnerability in the Windows operating system that allowed simply browsing to a directory to run arbitrary code.” The Stuxnet worm, discovered in 2010, was designed to target Siemens SCADA systems as means of undermining Iran's nuclear program.

In the new patch, the issue was assigned the ID CVE-2015-0096 and described by Microsoft as a DLL planting remote code execution vulnerability.

prestitial ad