New
#1
VULNERABILITIES - Microsoft confirms it missed Stuxnet print spooler '
Contrary to reports, a bug that Microsoft patched last week had been publicly discussed a year and a half ago, security researchers said this week.
Microsoft confirmed Wednesday that it overlooked the vulnerability when it was revealed last year.
The vulnerability in Windows Print Spooler service was one of four exploited by Stuxnet. ...
It turns out that one of the four -- the vulnerability Microsoft patched last week with its MS10-061 update -- was technically not a zero-day, said Liam O Murchu, manager of operations with Symantec's security response team.
According to O Murchu, the print spooler flaw was first revealed in a security publication's 2009 issue. He did not name the magazine. ...
Paris-based Vupen Security, however, pointed a finger at Hackin9, a Polish publication. Computerworld was easily able to locate a PDF of the 2009 issue on the Internet.
In that issue, a researcher named Carsten Kohler spelled out how to abuse the print spooler service to hijack Windows PCs and even included source code for a working exploit.
Date: 22 September 2010
Source:
http://www.computerworld.com/s/article/9187300/