Despite being patched four years ago by Microsoft, a vulnerability in XP, Vista, Windows 7, and Windows Server 2003/2008 that Stuxnet exploits is still around and kicking, according to researchers at Kaspersky Lab.
Stuxnet was first discovered in June 2010 and by the beginning of August that same year, Microsoft had issued a patch for the CVE 2010-2658 vulnerability, which should have closed the book on it. But Kaspersky's systems continue to “register millions of instances” of malware exploiting the vulnerability.
During the period between November 2013 and June 2014 when the security team was conducting its research, more than 19 million users, primarily in Vietnam (42.45 percent), and India (11.7 percent), encountered the threat.
Kaspersky attributes the ongoing threat to “poorly maintained servers without regular updates or a security solution installed.”