Wednesday, December 15, 2010

Final Stuxnet EoP Vulnerability Patched on Tuesday as MS10-092

It has been almost five months since Stuxnet was discovered in July of this year. However, the intricacies of this highly sophisticated worm have challenged the best minds in security research. This week on "Patch Tuesday", Microsoft released a record 17 patches to address 40 vulnerabilities. You can view the Microsoft Security Bulletin Summary for December 2010 by clicking here.

For those of you interested, the exploit code for the Task Scheduler EoP 0-day was made available on November 20. You can review this code by clicking here.

Interesting enough, this is the third time this year that Microsoft has set a record for closing vulnerabilities on Patch Tuesday. On a year-over-year basis, Microsoft closed out 2010 issuing 106 bulletins, compared with 74 in 2009, 78 in 2008. However, what is more interesting is that in these 106 bulletins, Microsoft has patched 261 vulnerabilities compared to 170 in 2009. This data, as published in Information Week confirms the growing trend in both number and complexity of the exploits released (and discovered!).

1 comment: