New Vulns Used by Stuxnet Patched in Microsoft’s Sept 2010 Patches

Original article from Sept 2010:
According to this article by Symantec, it looks like the top countries affected by Stuxnet (by infection count) were Iran and some of its closest neighbors geographically. To me, it looks like an intelligence service lost a couple of arrows out of its quiver here. Microsoft is closing one of the vulnerabilities used by Stuxnet in the September 2010 Microsoft monthly patches.

The smart money is on the U.S. or Israel, but I guess the public storyline will never tell us for sure. Nation-state intelligence services cannot wait for a time of war to penetrate and exploit the infrastructure of potential enemies. That type of offensive penetration and espionage activity happens all the time. Like some others, the U.S. is very good at cyber offense and computer network exploitation. It very well could have been us that lost a couple privately held vulns this time around.

Update – 14 Nov 2010:
New analysis published by Symantec supports the idea that this was intelligence service grade work probably aimed at Iran: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf

References:
http://www.symantec.com/connect/blogs/w32stuxnet-network-information
http://krebsonsecurity.com/2010/09/stuxnet-worm-far-more-sophisticated-than-previously-thought/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+KrebsOnSecurity+%28Krebs+on+Security%29

email: david @ sharpesecurity.com
website: http://www.sharpesecurity.com/
Twitter: twitter.com/sharpesecurity
