06. October 2010 · Comments Off on Defending against Stuxnet · Categories: Malware, Palo Alto Networks · Tags: ,

Palo Alto Networks Stuxnet – SCADA malware blog post describes all four Stuxnet vulnerabilities and how to defend against them.

The answer is a combination of policies which:

  • Block .LNK and .PIF files coming from the Internet to a private network
  • Disable RPC application traffic from the Internet to a private network
  • Deploy vulnerability protection profiles using the specific Palo Alto vulnerability signatures they developed to detect all four of the Windows vulnerabilities Stuxnet exploits.

This week Palo Alto Networks is releasing two new signatures which protect against the last of the four vulnerabilities, CVE-2010-2772. Microsoft does not have a patch for this one yet.