{"id":14993,"date":"2014-08-12T16:09:42","date_gmt":"2014-08-12T16:09:42","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=2369"},"modified":"2020-02-26T10:54:34","modified_gmt":"2020-02-26T15:54:34","slug":"stuxnets-hole-the-vulnerability-is-still-around","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/stuxnets-hole-the-vulnerability-is-still-around\/14993\/","title":{"rendered":"Stuxnet&#8217;s &#8220;hole&#8221;: the vulnerability is still around"},"content":{"rendered":"<p>The old vulnerability exploited by the notorious \u201cbattle-worm\u201d Stuxnet is still around, affecting millions, even though a patch for it was released years ago.<\/p>\n<p>The vulnerability in question is <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2010-2568\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2010-2568<\/a>, discovered in 2010 and present in Windows XP (which means that it was probably there for up to nine years prior), as well as Vista, Windows 7, and Windows Server 2003\/2008.<\/p>\n<p>It was patched (relatively) promptly by Microsoft: Stuxnet was discovered in June 2010, Microsoft acknowledged the problem on July 16th, 2010, and the patch followed on August 2nd of the same year. According to Microsoft, this vulnerability allowed \u201cremote code execution if the icon of a specially crafted shortcut is displayed. An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. 
Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\u201d The problem was designated as critical.<\/p>\n<p>Four years have passed since then. Between November 2013 and June 2014 Kaspersky Lab conducted a study titled \u201c<a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2019\/02\/19083109\/Kaspersky_Lab_KSN_report_windows_usage_eng.pdf\">Windows usage and vulnerabilities<\/a>\u201d. According to its findings, Kaspersky Lab\u2019s detection systems still register millions of instances in which malware exploiting vulnerability CVE-2010-2568 is detected. Within the research period over 19,000,000 users encountered this threat.<\/p>\n<p>The malware instances targeting this vulnerability were most often detected on the computers of users residing in Vietnam (42.45%), India (11.7%), Indonesia (9.43%), Brazil (5.52%) and Algeria (3.74%). 
See the graphics below:<\/p>\n<p style=\"text-align: center\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/08\/06020100\/wide-2-1.png\"><img decoding=\"async\" class=\"alignnone size-full wp-image-2370\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2014\/08\/06020100\/wide-2-1.png\" alt=\"wide-2\" width=\"800\" height=\"315\"><\/a><\/p>\n<p class=\"normal\">It\u2019s no surprise that Vietnam, India, and Algeria are on the list of countries with the most CVE-2010-2568 detections and are also among the leaders in terms of the number of users still using Windows XP, support for which was <a href=\"https:\/\/business.kaspersky.com\/windows-xp-the-immortal-operating-system\/\" target=\"_blank\" rel=\"noopener nofollow\"><span style=\"color: #1155cc\">dropped by Microsoft in April this year<\/span><\/a>.<\/p>\n<p class=\"normal\">That very operating system occupies first place for CVE-2010-2568 detections: 64.19% of detections were reported from computers running Windows XP. Again, no surprise here.<\/p>\n<p class=\"normal\">Windows 7, currently the most widely used operating system in the world, is only in second place with 27.99% of detections. Next come Windows Server 2008 and 2003 with 3.99% and 1.58% of detections respectively.<\/p>\n<p class=\"normal\">In this specific case, the large number of detections does not directly translate into a large number of attacks. In fact, because of the peculiar way this vulnerability is exploited, it is impossible to accurately differentiate between cases in which Kaspersky Lab\u2019s products protected against real attacks involving malware exploiting CVE-2010-2568 and cases in which they only detected vulnerable shortcuts automatically generated by a specific worm.<\/p>\n<p class=\"normal\">Still, the large number of CVE-2010-2568 detections is testimony to the fact that globally there are many computers that remain vulnerable to attacks involving malware exploiting this vulnerability. 
This is also a distinct sign that these PCs are subject to many other vulnerabilities, at least some of which are exploited by malware. Poorly maintained Windows XP machines with security solutions are the main \u201cfodder\u201d for botnets today, which means that they are also a source of global IT security problems. A source that is here to stay for some time.<\/p>\n<p class=\"normal\">Regarding the aforementioned vulnerability and detections, Kaspersky Lab\u2019s experts presume that most of these stem from poorly maintained servers without regular updates or a security solution installed. These servers may also be inhabited by worms that use malware exploiting this vulnerability.<\/p>\n<p class=\"normal\">Following their designed logic, such malware programs routinely create malicious shortcuts in a general access folder, and each time a user protected by a Kaspersky Lab solution accesses that folder and clicks on such a shortcut, the detection takes place. This poses an obvious risk of malware infection for the organizations using these servers \u2013 and PCs.<\/p>\n<p class=\"normal\">Once again there is reason to call for a global IT Cleansing campaign among users and businesses. 
IT security is everybody\u2019s business, and in the interconnected world neglect of one server may pose big problems for many people at once.<\/p>\n<p class=\"normal\">Additional details on this research are available at <a href=\"https:\/\/securelist.com\/blog\/research\/65367\/the-echo-of-stuxnet-surprising-findings-in-the-windows-exploits-landscape\/\" target=\"_blank\" rel=\"noopener\"><span style=\"color: #1155cc\">Securelist.<\/span><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Four years after the discovery of the Stuxnet worm, the primary vulnerability it had been exploiting is still around. This is mainly a problem of poorly maintained Windows XP PCs and servers, most likely inhabited by worms. In the interconnected world a neglected PC or server is a possible problem for many people.<\/p>\n","protected":false},"author":209,"featured_media":15840,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[2151,196,2152,268],"class_list":{"0":"post-14993","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-pc-neglect","10":"tag-stuxnet","11":"tag-stuxnet-worm","12":"tag-vulnerabilities"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/stuxnets-hole-the-vulnerability-is-still-around\/14993\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/stuxnets-hole-the-vulnerability-is-still-around\/14993\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/stuxnets-hole-the-vulnerability-is-still-around\/14993\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/pc-neglect\/","name":"PC 
neglect"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14993","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=14993"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14993\/revisions"}],"predecessor-version":[{"id":33281,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/14993\/revisions\/33281"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15840"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=14993"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=14993"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=14993"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}