News

Kaspersky Lab and Microsoft cooperate to close new zero-day vulnerability
14 September 2010 , Written by Dhruv Tanwar
Bookmark and Share


Kaspersky Lab and Microsoft collaborated to close a serious vulnerability in Microsoft Windows that was known to have been used by the Stuxnet worm, the industrial espionage tool that is designed to gain access to the Siemens WinCC operating system, which collects data and monitors production in industrial environs.
safe_computers
Since its emergence in July 2010, IT security specialists have watched Worm.Win32.Stuxnet closely. Kaspersky Lab said its experts have researched Stuxnet’s capabilities at length, discovering in the process that in addition to the vulnerability that was detected originally, it also uses four other critical vulnerabilities in Windows when processing LNK and PIF files. While one of these vulnerabilities was exploited by the infamous Kido (Conficker) worm in early 2009, the other three were previously unknown and exist in the current versions of Windows.

Stuxnet also uses another vulnerability to propagate, which exists in the Windows Print Spooler service that can be used to send malicious code to a remote computer where it is then executed. This allows the infection to spread to computers using a printer or through shared access to one. Having infected a computer connected to a network, Stuxnet then attempts to spread to other computers.

Kaspersky Lab detected and reported this vulnerability to Microsoft, which released a path on 14 September, 2010 to close the loophole. Kaspersky Lab has also reported another another zero-day vulnerability in the Stuxnet code, classified as an ‘Elevation of Privilege’ (EoP) vulnerability, which could be exploited by the worm to gain full control over the infected computer, while a similar EoP-class vulnerability was detected by Microsoft’s experts. Both will be corrected in future security updates for Windows operating systems, the company said.
 

LISTS AND RESEARCH

  • list Global Software Top 100 - Edition 2011
    • The Global Software Top 100 is a list of the world's largest software companies, ranked by annual software revenues. The list is based upon revenue information of 10,000+ IT companies worldwide.
  • Software industry trends (2011)
    • This research article (accompanying the Global Software Top 100) describes changes in the software industry playing field. It analyses trends and key players and forecasts future developments.
  • Top hardware companies
    • A list of the world's largest hardware companies.
  • What happens in the hardware industry?
    • Trends and analysis of the hardware industry and its key players.
  • Top IT services companies
    • A list of the world's largest IT services companies, ranked by annual services revenues. This link will take you to www.servicestop100.org.
  • IT services companies: healthy growth
    • What is happening in the IT services industry? Read this research publication to find out about trends and key players in the IT services industry.
  • Top gaming companies (2010)
    • Entertainment is good business, and gaming software companies are growing faster than the rest of the software industry. This research article discusses trends and key players in the gaming business.
  • Top ERP companies
    • A research publication about the world's leading players in enterprise software.
  • Top security software companies
    • A research publication discussing the world's leading publishers of security software: antivirus-, spamfiltering-, intrusion detection- and firewall software.
  • The fastest growing software companies
    • This research publication reveals the fastest growing software companies in the world.
  • CRM companies: a short list
    • A short list of the leading software companies selling Customer Relationship Management software; aimed at IT managers looking to purchase CRM software.
  • Top software companies in the US (2010)
    • A list of the largest software companies in the United States, ranked by annual software revenues. 2010 Edition, posted 15 December 2010.
  • U.S. software industry trends (2010)
    • A research publication discussing the trends and the key players in the software industry in the United States. Posted 15 December 2010.
  • Top companies in the world (not just software)
    • A general list of the largest companies in the world, ranked by revenues. Not just software companies; in fact, there are no software companies in it...
  • Top IT companies
    • A list of the largest IT companies in the world, ranked by annual revenues. Includes hardware, software and services.
More lists and research >

POPULAR NEWS

Go to news overview >

RECENT NEWS

Go to news overview >