So you thought Microsoft already issued a patch that stopped the Stuxnet worm from spreading all the way back in 2010? So did everybody else. it would however seem that the emergency update didn’t quite do it and Stuxnet Incorrectly patched for five years, based on a report by HP’s TippingPoint security wing.
“That patch didn’t completely address the .LNK issue in the Windows shell, and there were weaknesses left behind,” Brian Gorenc, a TippingPoint vulnerability research manager, told Kaspersky Lab’s ThreatPost.
The result is that numerous Windows machines were left vulnerable to Stuxnet and similar attacks since the last five years.
The left over flaws were discovered by German security researcher Michael Heerklotz, who disclosed them to HP’s Zero Day Initiative in January.
The bugs are in every version of Windows from Vista and Windows Server 2003 all the way up to the latest Windows 8.1 and Windows Server 2012 R2.