Stuxnet Redux: Microsoft patches Windows vuln left open for FIVE YEARS

While most of the attention this Patch Tuesday has been focused on the FREAK encryption vulnerability, Microsoft's latest batch of fixes also addresses another longstanding threat to Windows: Stuxnet. What's that you say? You thought Microsoft already issued a patch that stopped the Stuxnet worm from spreading all the way back …

  1. Mark 85
    Trollface

    They finally patched for Stuxnet?

    What happened...NSA doesn't need that backdoor? Or did they stop paying off MS to leave it?

    1. asdf

      Re: They finally patched for Stuxnet?

      Incompetence or malice, take your pick.

    2. Anonymous Coward

      Re: They finally patched for Stuxnet?

      I was really confused when I saw this article. Several years ago, when I was working at http://remotegun.com and researching the mechanisms by which Stuxnet spreads through USB and networks, I watched a video in which Bruce Dang, a member of the Microsoft Research team (https://www.youtube.com/watch?v=rOwMW6agpTI), mentioned that "we had known about Stuxnet but we weren't allowed to talk about it till now" (2010). But nowadays, when everybody knows about Stuxnet and its mission is finished, why hasn't Microsoft patched its vulnerabilities forever? Is there something that remained unmentioned about the Stuxnet mission?

      I searched a lot to find the exact video I had watched at that time, which contained much more about Microsoft's role and responsibility in postponing the patching of the vulnerabilities Stuxnet was using, but I couldn't find it yet. However, the above video contains some admissions from one of Microsoft's members.

  2. Destroy All Monsters Silver badge
    Holmes

    Technology is always changing, is that so?

    "Microsoft released a comprehensive security fix in 2010 to address the vulnerability the Stuxnet virus exploited. As technology is always changing, so are the tactics and techniques of cybercriminals."

    Not really to the point and sounds suspiciously like a politician trying to drown the latest scandal by stringing words together that at first reading nearly make sense but actually don't.

    I wonder what the next excuse for another "easily access all areas" security "failure" will be.

  3. John Smith 19 Gold badge
    Unhappy

    Just a reminder of how CMM 5 organisations handle failure.

    Identify the failure.

    Fix it

    Identify why your development process did not catch it in the first place.

    Fix gap in development process

    Identify the code pattern of the failure.

    Scan code base for other examples.

    Fix them.

    I'm sure we all have our opinions which of these MS will actually do.

    1. Fatman
      FAIL

      Re: Just a reminder of how CMM 5 organisations handle failure.

      "I'm sure we all have our opinions which of these MS will actually do."

      Mine: None of the above!!

      1. John Smith 19 Gold badge
        Unhappy

        Re: Just a reminder of how CMM 5 organisations handle failure.

        "Mine: None of the above!!"

        That was me trying to give MS the benefit of the doubt.

        I'm curious who downvoted me though.

        Looks like someone with a very thin skin.

  4. Paul Herber Silver badge

    Technology is always changing, is that so?

    "Microsoft released a comprehensive security fix in 2010 to address the vulnerability the Stuxnet virus exploited. As technology is always changing, so are the tactics and techniques of cybercriminals."

    Microsoft released a comprehensive security fix in 2010 to address the vulnerability the Stuxnet virus exploited. As technology is always changing, so are the tactics and techniques of NSA and other cybercriminals.

  5. Robert Helpmann??
    Childcatcher

    The Gorilla in the Room

    The bugs are present in every version of Windows from Vista and Windows Server 2003 all the way up to the latest Windows 8.1 and Windows Server 2012 R2.

    That's every supported version of Windows. If it affects Server 2003 it affects Windows XP, which is omitted despite being installed and online more than any other desktop OS except Windows 7. No, no problem there. I understand that MS dropped support, but all these lingering XP boxes are gold for botnet operators.

    Source: NetMarketShare

  6. Anonymous Coward

    "Microsoft's latest batch of fixes also addresses another longstanding threat to Windows: Stuxnet. "

    No, the exploit used by Stuxnet was already patched.

    "a spokesperson told us that the latest exploit method isn't the same as the one that was addressed in the earlier patch."

    Quite. See above. So "creative" writing for this article to say the least...

    1. Trevor_Pott Gold badge

      Are you shilling for Microsoft here, or the NSA? Or is there a difference anymore?

      1. Anonymous Coward

        "Are you shilling for Microsoft here, or the NSA? Or is there a difference anymore?"

        Are you ignorant as to different security vulnerabilities - being, well, different? Or are you deliberately being obtuse and deflecting reality because helping spread such FUD generates page hits here?

        1. Trevor_Pott Gold badge

          I don't see any advertisements on the comments section, so why would page hits matter here?

          As for "different vulnerabilities", STUXNET is written by the NSA. You seem to believe we should trust the nice Microsoft PR person and take them at their word that this is an entirely different vulnerability and that the previous one was patched. Yessiree. No collusion by Microsoft with the NSA to push out a feel-good patch that ultimately did nothing. Nope.

          You're a shill. The question is, for which party? Clearly you have no problems with selling us to the spooks...but that still could make you a shill to either.

          Both Microsoft and the NSA are never, ever to be trusted.

          1. Anonymous Coward

            "I don't see any advertisements on the comments section, so why would page hits matter here?"

            You must have an advert blocker on then because I see lots...

  7. Gis Bun

    Technically it is about 4.5 years: October 2010, when it was thought to be patched, until now.

  8. Anonymous Coward

    widespread failures with KB3033929 - error 80004005

    KB3033929 stands a significant chance of failing to install (error 80004005) according to reports from around the world. Sometimes the failure is recoverable by routine Windows Update auto recovery/rollback, sometimes the systems are rendered unbootable.

    Fails recoverably here on a mixture of Win7/32 and Win7/64, W7Home Premium and W7Pro flavours on relatively vanilla (but not particularly new) HPQ business-class hardware (HP6910 and 6930 laptops, DC7700 desktops).

    e.g.

    https://social.technet.microsoft.com/Forums/windows/en-US/a08ad884-6b05-4632-8f28-2568eb97b636/update-kb3033929-fails-with-error-code-80004005?forum=w7itprosecurity

    Oh well. It's the last MS OS I'll be using anyway.

    [apologies if post is duplicated]

  9. Anonymous Coward

    Another inadequately tested patch: KB3033929, error 80004005

    KB3033929 stands a significant chance of failing to install (error 80004005) around the world.

    Fails here on a mixture of Win7/32 and Win7/64, Home Premium and Pro flavours on relatively vanilla (but not brand new) HPQ business-class hardware (HP6910 and 6930 laptops, DC7700 desktops).

    e.g.

    https://social.technet.microsoft.com/Forums/windows/en-US/a08ad884-6b05-4632-8f28-2568eb97b636/update-kb3033929-fails-with-error-code-80004005?forum=w7itprosecurity

    Oh well. It's the last MS OS I'll be using anyway.
