Windows worm is a serious hack

The developers of the Stuxnet worm attack used four different zero-day security vulnerabilities to take down Windows.

Microsoft has revealed details of the Stuxnet worm and how it was able to do so well.

Redmond initially thought the attack targeted the old MS08-067 vulnerability, which was used in the Conficker attack; a new LNK flaw used to launch exploit code on vulnerable Windows systems; and a zero-day bug in the Print Spooler Service.

But it turns out the malware also exploited two different elevation-of-privilege holes to gain complete control over the affected system.

Microsoft has warned that these two flaws are still unpatched.

Kaspersky Lab discovered two of the three new zero-days and worked closely with Microsoft during the research and patch-creation process, and Redmond has launched an emergency patch.

Buried in today’s Patch Tuesday releases, Microsoft shipped MS10-061 with a fix for the Print Spooler Service Impersonation flaw; the LNK vulnerability was patched with an emergency fix in August 2010.

Kaspersky Lab warned that the Stuxnet attack was unique, as it was the first threat to contain so many different attack vectors.

The worm also used signed digital certificates stolen from RealTek and JMicron and exploited security holes in the Simatic WinCC SCADA systems.

The spokesman said that the worm was created by professional hackers who knew what they were doing and did not bugger around.

They had information about as yet unknown vulnerabilities and about the architecture and hardware of WinCC and PCS 7.

Some think that Stuxnet was so good that it must have been designed by a nation state.