Microsoft's 'Patch Tuesday' for March caused quite a stir in the infosec community yesterday, as it fixed a Stuxnet vulnerability that was originally patched in 2010. According to Dave Weinstein of HP's Zero Day Initiative, "The patch failed. And for more than four years, all Windows systems have been vulnerable to exactly the same attack that Stuxnet used for initial deployment." Yikes!
Obviously this patch should be deployed immediately, but after you're done with the update, take a look at our Twitter roundup for the latest news on this vulnerability.
Stuxnet Vulnerability Announcement from ZDI:
RT @maldr0id: The Ghost of #Stuxnet Past: CVE-2015-0096 http://t.co/xJLLWYzGde < Make sure you apply MS15-020 to your nuclear plants.
— Martijn Grooten (@martijn_grooten) March 10, 2015
Detailed Analysis from ZDI:
Full details on how the #Stuxnet patch from #Microsoft in 2010 failed to correct the LNK vuln: http://t.co/cwcEjNVvq0
— Zero Day Initiative (@thezdi) March 10, 2015
Coverage Highlights:
Patch Tuesday March 2015 - #Stuxnet LNK 0day finally fixed https://t.co/dmR91ohL8D by @k_sec
— Eugene Kaspersky (@e_kaspersky) March 11, 2015
Microsoft FAIL: Windows #Stuxnet vuln *still* broken. Also #FREAK, so patch now @computerworld http://t.co/jfMpdz8gyG
— Richi Jennings (@RiCHi) March 11, 2015
Microsoft patches #Stuxnet and FREAK Vulnerabilities http://t.co/XiEmfB2LYN
— Mohit Kumar (@unix_root) March 11, 2015
Details Surface on Stuxnet Patch http://t.co/E0AJH0U82S #stuxnet via @lionytics
— Lionytics™ (@lionytics) March 11, 2015
Windows PCs vulnerable to #Stuxnet attack — five years after patch http://t.co/KuISNESGjx pic.twitter.com/Z1zjZgSEst
— Symantec (@symantec) March 11, 2015
Windows PCs vulnerable to Stuxnet attack — five years after patch http://t.co/94KsSF33Ef
— Crimes Cibernéticos (@Cyb3rCrimes) March 12, 2015