Upcoming Virtual Event: Cloud Security Summit | July 17 - Register Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Attackers Still Target Old Flaw Exploited by Stuxnet

The most commonly targeted vulnerability in 2015 was a Windows flaw that came to light in 2010 after being exploited by the notorious Stuxnet malware, Microsoft said in its latest Security Intelligence Report (SIR).

The most commonly targeted vulnerability in 2015 was a Windows flaw that came to light in 2010 after being exploited by the notorious Stuxnet malware, Microsoft said in its latest Security Intelligence Report (SIR).

The vulnerability in question, tracked as CVE-2010-2568, affects the Windows Shell in Windows 7, Vista, XP, Server 2008 and Server 2003. A remote attacker can exploit the flaw to execute arbitrary code via specially crafted LNK or PIF files. The issue was addressed by Microsoft in August 2010 with the critical security bulletin MS10-046.

This was one of the zero-days exploited in mid-2010 by Stuxnet, the malware used in attacks aimed at Iran’s nuclear facilities. Many other malware families have leveraged the flaw since, and CVE-2010-2568 has often been named over the past years as one of the most targeted vulnerabilities.

Microsoft, whose products detect the threat as Win32/CplLnk, said attackers typically exploit the vulnerability by creating a malformed shortcut file which they deliver via social engineering and other methods.

The company noted that while CVE-2010-2568 was the most commonly targeted individual vulnerability in 2015, it does not mean that all exploit attempts were successful. The statistics are based on threats encountered by Microsoft security products, which detect exploit attempts whether or not the device is plagued by the targeted flaw.

On the other hand, the fact that attackers are targeting such an old vulnerability shows that there still are many unpatched systems.

“CVE-2010-2568, a vulnerability well known for its usage in the Stuxnet malware family in June 2010, has had a patch available since August 2nd 2010 but many systems are still being successfully targeted,” Gavin Millard, Tenable Network Security’s EMEA technical director, told SecurityWeek. “With the fascination of the latest vulnerabilities to be discovered, the newest logo’d bug to hit the media, it’s critically important that organizations don’t forget to patch the long forgotten vulnerabilities still lingering that can be easily exploited.”

In March 2015, HP researchers revealed that they had found a way to bypass Microsoft’s 2010 patch and warned that the vulnerability could still be exploited. However, Microsoft argued that HP actually found a new vulnerability and assigned it a different CVE identifier (CVE-2015-0096).

Advertisement. Scroll to continue reading.

Microsoft’s SIR 20 also shows that vulnerability disclosures increased 9.4 percent between the first and second half of 2015. As for threats, Microsoft’s anti-malware products encountered roughly the same levels of operating system, Java, Flash Player, HTML/JavaScript, document and browser exploits throughout 2015. Exploit kits remained the most commonly encountered threat and they recorded a considerable increase in the last part of 2015 after steadily decreasing for more than a year.

Related Reading: PoC Exploits Mainly Distributed via Social Media

Related Reading: ICS Flaw Disclosures at High Levels Since Stuxnet Attack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Craig Boundy has left Experian to join McAfee as President and CEO.

Forcepoint has promoted Ryan Windham from Chief Customer and Strategy Officer to Chief Executive Officer.

ICS and OT cybersecurity solutions provider TXOne Networks appointed Stephen Driggers as its new CRO.

More People On The Move

Expert Insights