Today’s round of Microsoft patches addresses a variety of issues including one of the Stuxnet-related zero-day vulnerabilities. Stuxnet actually leverages four different zero-day vulnerabilities! For more details go here, here and here. Computerworld has a more detailed article about Stuxnet: Siemans: Stuxnet worm hit industrial systems.
There has been a lot written about the Stuxnet malware in the last several weeks and rightfully so. Stuxnet not only infects Windows computers which supervise industrial control systems, but then goes on to infect the software running on individual Programmable Logic Controllers (PLCs) which control the actual subsystems of those industrial processes. (Each Windows computer controls some number of PLCs which actually run the industrial processes.)
Therefore Stuxnet enables the attacker to remotely cause an industrial automation system to malfunction. It gets even worse – the PLC malware is hidden in a way that PLC software engineers won’t notice the change! Thus Stuxnet is the first known rootkit for industrial control system.
And the vulnerability Stuxnet exploits was zero-day. In other words, the vulnerability was not known at the time Stuxnet began. Stuxnet was first detected in late July 2010, but now information is coming out that it really started in 2009! Some are saying that the sophistication of Stuxnet indicates nation-state involvement.
You can read more details (depending on how technical you want to get) from CNET, SC Magazine, Symantec, Kaspersky, and Mandiant.
There has always been a lot of talk about the need to protect critical infrastructure. Now we are seeing a real threat which increases the risk of industrial control incidents, and therefore heightens the priority to deploy Boundary Defense Controls in these environments.