19 million Windows PCs still vulnerable to Stuxnet zero-day

News by Steve Gold

The vulnerability that the Stuxnet worm exploited is still threatening IT systems more than four years after the worm's role in damaging Iranian nuclear equipment.

Ongoing research by Kaspersky Lab has concluded that the vulnerability exploited by Stuxnet, a zero-day when the worm was discovered, is still threatening as many as 19 million Windows PCs around the world.

Back in July of this year, Kaspersky published a report looking at detections of malware using CVE-2010-2568, which it describes as an important flaw affecting Windows XP, Vista, Windows 7, Server 2003 and Server 2008.

First spotted back in July 2010, Kaspersky says the popularity of the flaw "remains strangely undimmed among cyber-criminals."

Between November 2013 and June 2014, the security vendor says it detected malware that appeared to be using exploits for the flaw on 19 million systems, 64 percent of which were running Windows XP.

According to the Russian-headquartered security company, CVE-2010-2568 is a flaw in how the Windows shell processes shortcut (.LNK) files: a crafted shortcut causes the shell to load an arbitrary DLL, without the user's knowledge, merely when the folder containing the shortcut is displayed.
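The point that matters for defenders is that the loaded file is not chosen by the user but by whoever wrote the shortcut, so the shortcut itself is the artefact to hunt for. The scanner below is an added example, not Kaspersky's code or anything from the original article; it walks the ShellLinkHeader and LinkTargetIDList structures (offsets follow Microsoft's MS-SHLLINK specification) and flags shortcuts that point into the Control Panel yet reference a file that is not a .cpl under System32, which is the shape of a CVE-2010-2568 exploit. The three sample shortcuts are constructed inline to exercise the check and are not byte-exact copies of real files; the Control Panel and My Computer CLSIDs and the System32 path rule are the assumptions the heuristic rests on.

```python
"""Heuristic scanner for .LNK files shaped like CVE-2010-2568 exploits (added example).

The bug: for a shortcut that targets the Control Panel, the shell loads the file
the shortcut names in order to draw its icon. A legitimate shortcut names a .cpl
in %SystemRoot%\\System32; an exploit names an arbitrary DLL (Stuxnet's carried a
.tmp extension on a removable drive). So: Control Panel target + unexpected file.
"""
import re
import struct
import sys
import uuid
from pathlib import Path

HEADER_SIZE = 0x4C                                   # ShellLinkHeader is 76 bytes
LINK_CLSID = uuid.UUID("00021401-0000-0000-c000-000000000046").bytes_le
HAS_LINK_TARGET_IDLIST = 0x00000001                  # LinkFlags bit 0
MY_COMPUTER_CLSID = uuid.UUID("20d04fe0-3aea-1069-a2d8-08002b30309d").bytes_le
CONTROL_PANEL_CLSID = uuid.UUID("21ec2020-3aea-1069-a2dd-08002b30309d").bytes_le
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")  # printable UTF-16LE runs
EXPECTED_CPL = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+\.cpl$")


def parse_header(data):
    """Validate the ShellLinkHeader and return its LinkFlags."""
    if len(data) < HEADER_SIZE:
        raise ValueError("too short for a ShellLinkHeader")
    size, clsid, flags = struct.unpack_from("<I16sI", data, 0)
    if size != HEADER_SIZE or clsid != LINK_CLSID:
        raise ValueError("not a Shell Link (.LNK) file")
    return flags


def parse_idlist(data):
    """Return the payload of each ItemID in the LinkTargetIDList after the header."""
    if len(data) < HEADER_SIZE + 2:
        raise ValueError("no IDListSize field")
    (idlist_size,) = struct.unpack_from("<H", data, HEADER_SIZE)
    offset, end = HEADER_SIZE + 2, HEADER_SIZE + 2 + idlist_size
    if end > len(data):
        raise ValueError("IDListSize runs past end of file")
    items = []
    while offset + 2 <= end:
        (item_size,) = struct.unpack_from("<H", data, offset)
        if item_size == 0:                           # TerminalID closes the list
            break
        if item_size < 2 or offset + item_size > end:
            raise ValueError("malformed ItemID")
        items.append(data[offset + 2:offset + item_size])
        offset += item_size
    return items


def referenced_file_is_expected(path):
    """Heuristic: a benign Control Panel shortcut names a .cpl inside System32."""
    return EXPECTED_CPL.match(path.lower()) is not None


def assess_lnk(data):
    """Classify one shortcut: does it target the Control Panel, and with which file?"""
    flags = parse_header(data)
    verdict = {"control_panel_target": False, "paths": [], "suspicious": False}
    if not flags & HAS_LINK_TARGET_IDLIST:
        return verdict
    for item in parse_idlist(data):
        if CONTROL_PANEL_CLSID in item:
            verdict["control_panel_target"] = True
        for m in UTF16_RUN.finditer(item):           # pull out embedded paths
            s = m.group().decode("utf-16-le")
            if "\\" in s:
                verdict["paths"].append(s)
    verdict["suspicious"] = verdict["control_panel_target"] and any(
        not referenced_file_is_expected(p) for p in verdict["paths"])
    return verdict


def scan_directory(root):
    """Return (path, verdict) for every .lnk under root that looks exploit-like."""
    hits = []
    for p in Path(root).rglob("*.lnk"):
        try:
            v = assess_lnk(p.read_bytes())
        except ValueError:                           # not a shortcut or truncated
            continue
        if v["suspicious"]:
            hits.append((str(p), v))
    return hits


# --- constructed samples (shapes only, not real shortcuts) ------------------
def build_lnk(items):
    """Assemble a minimal .LNK: header with HasLinkTargetIDList, then the IDList."""
    header = struct.pack("<I16sI", HEADER_SIZE, LINK_CLSID, HAS_LINK_TARGET_IDLIST)
    idlist = b"".join(struct.pack("<H", len(i) + 2) + i for i in items) + b"\x00\x00"
    return header.ljust(HEADER_SIZE, b"\x00") + struct.pack("<H", len(idlist)) + idlist


def u16(s):
    return s.encode("utf-16-le") + b"\x00\x00"


ROOT_ITEM = b"\x1f\x50" + MY_COMPUTER_CLSID
CP_ITEM = b"\x1f\x80" + CONTROL_PANEL_CLSID
BENIGN_FILE_LNK = build_lnk([ROOT_ITEM, b"\x2fC:\\\x00", b"\x32" + u16("notes.txt")])
BENIGN_CPL_LNK = build_lnk([ROOT_ITEM, CP_ITEM, b"\x00" + u16(r"C:\Windows\System32\main.cpl")])
EXPLOIT_LIKE_LNK = build_lnk([ROOT_ITEM, CP_ITEM, b"\x00" + u16(
    r"\\.\STORAGE#Volume#_??_USBSTOR#Disk&Ven_Test#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}\~WTR4141.tmp")])

if __name__ == "__main__":
    for name, blob in [("file", BENIGN_FILE_LNK), ("cpl", BENIGN_CPL_LNK), ("exploit-like", EXPLOIT_LIKE_LNK)]:
        print(name, assess_lnk(blob))
    if len(sys.argv) > 1:
        for path, v in scan_directory(sys.argv[1]):
            print("SUSPICIOUS", path, v["paths"])
```

The rule that a Control Panel shortcut must reference a .cpl under System32 is deliberately strict; tune `EXPECTED_CPL` for non-default install paths before running `scan_directory` over a file share or a mounted USB image, and treat any hit as a lead for triage rather than a verdict.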

This vulnerability was most famously exploited by Stuxnet. The worm was first detected in June 2010 and has since become notorious because it apparently led to the physical destruction of uranium enrichment equipment at nuclear facilities in Iran.

In August 2010, Microsoft released an out-of-band security update (MS10-046) that patched the vulnerability, but Kaspersky says that many millions of PCs remain vulnerable, suggesting that users have yet to apply it.

Vyacheslav Zakorzhevsky, Kaspersky's head of the vulnerability research team, said that this type of situation obviously creates an ongoing risk of malware infection in organisations where these vulnerable servers still operate.

"Therefore we urge corporate IT managers to devote more attention to ensuring that software is kept up to date on corporate computers, and to employ adequate cyber threat protection tools," he added.


To minimise the risk of attacks involving vulnerabilities, Kaspersky Lab's experts recommend that users update their software regularly, remove unused software, and use a reliable security application equipped with technologies to counteract exploit attacks.

Professor John Walker, CTO of Cytelligence, who has been tracking Stuxnet since it was first spotted in June 2010, said that it is clear that, in a world implicated with constantly returning adversaries such as Stuxnet, other lesser known variants of malicious code, and the recent introduction of the Shellshock malware which implicates Bash, we need to recognise that we are working in an IT arena where zero-day threats are constantly arriving.

"We must also recognise that the probability of security mechanisms, perimeter defences, and security architectures failing against these threat actors is high," he added.

Walker, who is also a visiting professor with the School of Computing and Informatics of Nottingham Trent University, went on to say that, because of this, there is a clear need to anticipate that a zero-day security event will occur - and to be prepared to respond.

In this context, he says, it is clear that pre-crafted first-responder incident response capabilities, along with forensic cyber readiness and CSIRT capabilities, need to be in place to tackle a security event in real time.

The bottom line, he adds, is that you can expect the worst to happen, so the need to prepare for incident mitigation, and even operational survival, is all the stronger.
