Friday, September 17, 2010

Stuxnet Mitigation Update 09-16-10

Yesterday the team at DHS-CERT updated their Control Systems Security Program web page, adding a link to an updated advisory on mitigation measures for the Stuxnet malware. The update covers the five Microsoft vulnerabilities that Stuxnet exploited, four of which were 0-day vulnerabilities.

ICS-CERT reports that two of the 0-day vulnerabilities have now been addressed by separate Windows® updates (MS10-046 and MS10-061). Microsoft is reportedly still reviewing the two remaining vulnerabilities, and ICS-CERT notes that they “will be releasing updates in future bulletins” (pg 2). The ICS-CERT advisory makes the following Stuxnet mitigation recommendation:

“ICS-CERT recommends that control system owners and operators review system upgrades and consider applying available patches to mitigate the risks for Stuxnet infection. As with all system changes, administrators should consult their control systems vendor prior to making any system changes.”

The advisory also notes that Siemens is now reporting knowledge of 15 infections, but that “in none of the cases did the infection cause an adverse impact to the automation system”.

