Attack code published for unpatched Stuxnet vulnerability
Exploit code for one of the still-unpatched Windows vulnerability used in the Stuxnet malware has been posted on the web, a move that puts pressure on Microsoft to release a security patch.
The exploit, written by webDEViL, provides a roadmap to exploit a flaw in the Windows Task Scheduler to elevate rights on vulnerable Windows machines.
It has been successfully tested on systems running Windows Vista, Windows 7 and Windows Server 2008. The privilege escalation flaw in the Task Scheduler was just one of five different vulnerabilities exploited in the mysterious Stuxnet worm attack. Four of the five were zero-day (previously unknown).