Security Threat Report - Nov. 2010

Stuxnet breakthrough and 0-day Exploit PoC Code Released to public

Some of the most notable network security developments during the month of November included recent reports released by Symantec with regard to the Stuxnet malware threat. While it has been hypothesized that Stuxnet had been designed to attack SCADA systems, it wasn’t until recently that Symantec found what they believe to be evidence that this malware targets specific Programmable Logic Controller (PLC) systems.

In additional news, 0-day (zero-day) exploit Proof-of-Concept (PoC) Code has recently been released to the public demonstrating how Stuxnet takes advantage of a privilege escalation vulnerability in Windows Task Scheduler. There is no word yet from Microsoft as to when a patch release can be expected.

Windows User Access Control (UAC) Bypass Vulnerability 0-day PoC released to public

November saw yet another release of 0-day PoC code demonstrating exploitation of a Windows privilege escalation vulnerability. Specifically, this code demonstrates how 'system' access might be gained by bypassing the Windows User Access Control (UAC) without any action from the user. While this is not a remotely exploitable vulnerability, 'System' privileges provide nearly the equivalent of full administrator access. Even though no malware has been observed in the wild that takes advantage of this issue, experts assert that such developments are only a matter of time. There is no word yet from Microsoft as to when a patch release can be expected.