PoC For Windows 0day Publicly Released!


One month ago, a vulnerability was identified in Microsoft Windows that could be exploited by local attackers to take complete control of a vulnerable system.

This bug is caused by an access validation error in the Task Scheduler service, which fails to prevent users from manipulating certain fields in schema XML files via the Component Object Model (COM) interface. As a result, malicious users can manipulate a valid XML file and bypass the CRC32 integrity checks to execute arbitrary code with SYSTEM privileges.
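An added example, not from the original post: a Python audit that parses Task Scheduler 2.0 task definitions and reports principals that run as SYSTEM or at the highest run level when the registering author is not on a trusted list. The post does not say which fields are manipulated; the focus on the principal, the trusted-author list and the sample tasks are assumptions made here.

```python
import xml.etree.ElementTree as ET

NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}
# Spellings under which a principal can name the LocalSystem account.
SYSTEM_IDS = {"s-1-5-18", "system", "nt authority\\system"}

def audit_task(xml_data, trusted_authors):
    """Flag principals that run elevated in a task not registered by a trusted author.

    xml_data: one task definition, as str or bytes.
    trusted_authors: accounts allowed to register elevated tasks (site-specific assumption).
    """
    root = ET.fromstring(xml_data)
    author = (root.findtext("t:RegistrationInfo/t:Author", "", NS) or "").strip()
    trusted = author.lower() in {a.lower() for a in trusted_authors}
    commands = [c.text.strip() for c in root.iterfind("t:Actions/t:Exec/t:Command", NS) if c.text]
    findings = []
    for p in root.iterfind("t:Principals/t:Principal", NS):
        user = (p.findtext("t:UserId", "", NS) or "").strip()
        level = (p.findtext("t:RunLevel", "", NS) or "LeastPrivilege").strip()
        elevated = user.lower() in SYSTEM_IDS or level == "HighestAvailable"
        if elevated and not trusted:
            findings.append({"author": author, "user": user,
                             "run_level": level, "commands": commands})
    return findings

# Constructed sample definitions; accounts and paths are made up for illustration.
TRUSTED = ["EXAMPLE\\itadmin"]
TASK_TMPL = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <RegistrationInfo><Author>{author}</Author></RegistrationInfo>
  <Principals><Principal id="Author">
    <UserId>{user}</UserId><RunLevel>{level}</RunLevel>
  </Principal></Principals>
  <Actions Context="Author"><Exec><Command>{cmd}</Command></Exec></Actions>
</Task>"""
ADMIN_TASK = TASK_TMPL.format(author=r"EXAMPLE\itadmin", user="S-1-5-18",
                              level="HighestAvailable", cmd=r"C:\Windows\System32\defrag.exe")
SUSPECT_TASK = TASK_TMPL.format(author=r"EXAMPLE\limited", user="S-1-5-18",
                                level="HighestAvailable", cmd=r"C:\Users\limited\job.exe")
USER_TASK = TASK_TMPL.format(author=r"EXAMPLE\limited", user=r"EXAMPLE\limited",
                             level="LeastPrivilege", cmd=r"C:\Users\limited\job.exe")

if __name__ == "__main__":
    for name in ("ADMIN_TASK", "SUSPECT_TASK", "USER_TASK"):
        print(name, audit_task(globals()[name], TRUSTED))
```

The Author element is stored in the same task file as the principal, so on a live host the file's owner should be compared as well.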

Microsoft has not yet fixed this vulnerability, and it is the fourth vulnerability that may be exploited by the Stuxnet malware.

A new exploit, “Windows Task Scheduler Privilege Escalation”, has now been published in the wild.

As you can see, the vulnerability requires an attacker to first gain access to a limited account on the system, which is very difficult if you have properly secured the operating system's accounts. As a workaround, you can also mitigate the risk by disabling the Task Scheduler service on Windows.

To protect your system against Stuxnet or any other threat, it is important to consider the following security measures:

• Disable USB flash keys or execution of code from flash keys.
• Implement strict egress (outbound connection) filtering on ICS firewalls.
• Use whitelisting / a Host Intrusion Prevention System.
• Tighten up the overall security program: look at IT standards for guidance.
• Consider a compliance management system to help keep your security posture strong.
• Apply strong protections for control systems: host hardening, patch programs, regular audits, stronger personnel and physical security measures.
• Develop and maintain a strong defence-in-depth posture.

So read every point thoroughly and apply as many of them as possible, in the short and long term, for your online safety.


How Stuxnet Changed the World: http://www.us-cert.gov/control_systems/icsjwg/presentations/Walter%20Sikora%20icsjwg-fall-2010.pdf