One of the patches released by Microsoft as part of its June 2017 security updates represents the company’s third attempt at patching an old vulnerability exploited by the notorious Stuxnet worm in 2010.
The initial vulnerability, tracked as CVE-2010-2568, allows a remote attacker to execute arbitrary code on a system using specially crafted shortcut files with the LNK or PIF extension.
CVE-2010-2568 was one of the four zero-day vulnerabilities exploited in the 2010 Stuxnet attacks targeting Iran’s nuclear program. Despite being patched by Microsoft in August 2010, it has remained one of the most exploited vulnerabilities.
Leave a reply