
Attackers Still Target Old Flaw Exploited by Stuxnet

The most commonly targeted vulnerability in 2015 was a Windows flaw that came to light in 2010 after being exploited by the notorious Stuxnet malware, Microsoft said in its latest Security Intelligence Report (SIR).

The vulnerability in question, tracked as CVE-2010-2568, affects the Windows Shell in Windows 7, Vista, XP, Server 2008 and Server 2003. A remote attacker can exploit the flaw to execute arbitrary code via specially crafted LNK or PIF files. The issue was addressed by Microsoft in August 2010 with the critical security bulletin MS10-046.

This was one of the zero-days exploited in mid-2010 by Stuxnet, the malware used in attacks aimed at Iran’s nuclear facilities. Many other malware families have leveraged the flaw since, and CVE-2010-2568 has often been named over the past years as one of the most targeted vulnerabilities.

Microsoft, whose products detect the threat as Win32/CplLnk, said attackers typically exploit the vulnerability by creating a malformed shortcut file which they deliver via social engineering and other methods.
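Microsoft's Win32/CplLnk detection name points at the shape of these shortcuts: the link's target ID list walks into the Control Panel folder and names a .cpl file, which the Windows Shell loads as a DLL when it renders the shortcut's icon. The triage routine below is an added example, not code from Microsoft or SecurityWeek; it assumes the MS-SHLLINK field layout and the well-known Control Panel folder CLSID, and the sample shortcuts it checks are constructed for the demonstration.

```python
# Added example (not Microsoft's or SecurityWeek's code): parse the ShellLinkHeader and
# LinkTargetIDList of a .lnk (MS-SHLLINK layout) and flag the Control-Panel-plus-.cpl
# shortcut shape for triage.  Sample shortcuts below are constructed, not real samples.
import struct
import uuid

HEADER_SIZE = 0x4C
LINK_CLSID = uuid.UUID("00021401-0000-0000-C000-000000000046").bytes_le
CONTROL_PANEL_CLSID = uuid.UUID("21EC2020-3AEA-1069-A2DD-08002B30309D").bytes_le  # well-known shell folder
HAS_LINK_TARGET_ID_LIST = 0x1  # LinkFlags bit A

def parse_id_list(data: bytes) -> list:
    """Return raw ItemID payloads; raise ValueError if the structure is malformed."""
    if (len(data) < HEADER_SIZE + 2 or struct.unpack_from("<I", data, 0)[0] != HEADER_SIZE
            or data[4:20] != LINK_CLSID):
        raise ValueError("bad ShellLinkHeader or truncated file")
    if not struct.unpack_from("<I", data, 0x14)[0] & HAS_LINK_TARGET_ID_LIST:
        return []
    pos = HEADER_SIZE + 2
    end = pos + struct.unpack_from("<H", data, HEADER_SIZE)[0]
    if end > len(data):
        raise ValueError("IDListSize runs past end of file")
    items = []
    while pos + 2 <= end:
        item_size = struct.unpack_from("<H", data, pos)[0]
        if item_size == 0:  # TerminalID closes the list
            break
        if item_size < 2 or pos + item_size > end:
            raise ValueError("ItemIDSize inconsistent with IDListSize")
        items.append(data[pos + 2:pos + item_size])
        pos += item_size
    return items

def triage(data: bytes) -> str:
    """'malformed', 'cpl-shortcut' (Control Panel CLSID plus a .cpl name) or 'clean'."""
    try:
        items = parse_id_list(data)
    except ValueError:
        return "malformed"
    names = (b".cpl", ".cpl".encode("utf-16-le"))
    if any(CONTROL_PANEL_CLSID in i for i in items) and any(n in i.lower() for i in items for n in names):
        return "cpl-shortcut"
    return "clean"

def build_sample(items: list) -> bytes:
    # Constructed minimal .lnk: header with HasLinkTargetIDList set, then the IDList.
    id_list = b"".join(struct.pack("<H", len(p) + 2) + p for p in items) + b"\x00\x00"
    header = struct.pack("<I", HEADER_SIZE) + LINK_CLSID + struct.pack("<I", HAS_LINK_TARGET_ID_LIST)
    return header + b"\x00" * (HEADER_SIZE - len(header)) + struct.pack("<H", len(id_list)) + id_list

BENIGN = build_sample([b"C:\\Tools\\notes.txt\x00"])
SUSPECT = build_sample([b"\x1f\x00" + CONTROL_PANEL_CLSID, "E:\\sample.cpl".encode("utf-16-le")])
```

A structurally malformed file is reported separately from a clean one, since a shortcut that fails header or size validation is itself worth a closer look rather than a pass.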

The company noted that while CVE-2010-2568 was the most commonly targeted individual vulnerability in 2015, this does not mean that all exploit attempts were successful. The statistics are based on threats encountered by Microsoft security products, which detect exploit attempts whether or not the device is actually affected by the targeted flaw.

On the other hand, the fact that attackers are targeting such an old vulnerability shows that there still are many unpatched systems.

“CVE-2010-2568, a vulnerability well known for its usage in the Stuxnet malware family in June 2010, has had a patch available since August 2nd 2010 but many systems are still being successfully targeted,” Gavin Millard, Tenable Network Security’s EMEA technical director, told SecurityWeek. “With the fascination of the latest vulnerabilities to be discovered, the newest logo’d bug to hit the media, it’s critically important that organizations don’t forget to patch the long forgotten vulnerabilities still lingering that can be easily exploited.”

In March 2015, HP researchers revealed that they had found a way to bypass Microsoft’s 2010 patch and warned that the vulnerability could still be exploited. However, Microsoft argued that HP actually found a new vulnerability and assigned it a different CVE identifier (CVE-2015-0096).

Microsoft’s SIR 20 also shows that vulnerability disclosures increased 9.4 percent between the first and second half of 2015. As for threats, Microsoft’s anti-malware products encountered roughly the same levels of operating system, Java, Flash Player, HTML/JavaScript, document and browser exploits throughout 2015. Exploit kits remained the most commonly encountered threat, recording a considerable increase in the last part of 2015 after more than a year of steady decline.

Related Reading: PoC Exploits Mainly Distributed via Social Media

Related Reading: ICS Flaw Disclosures at High Levels Since Stuxnet Attack

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
