Remember Stuxnet? If not, Stuxnet made the news back in 2010 as a vulnerability that had existed for years already. Designed to run as a worm from connected USB thumb drives, it targeted systems run by programmable logic controllers (PLCs). But, the news wasn't solely that it existed, but that it had been used to destroy almost a fifth of Iran's nuclear centrifuges.
Microsoft patched the vulnerability with MS10-046 shortly after it was discovered, but an HP security researcher believes that the fix failed. In a blog post on March 10, Dave Weinstein, blasted Microsoft for providing a botched patch in 2010. Microsoft's belief differs, suggesting the latest vulnerability is actually a new one, though evolved based on the original design. This month, Microsoft is providing updated security measures to ensure that as cybercriminals tactics have changed, Windows will be secured against any new Stuxnet-type threats.
This is the one intended to finally repair the vulnerability:
Vulnerabilities in Microsoft Windows Could Allow Remote Code Execution (3041836)
With news about the evolved threat now public, some have suggested to halt using USB thumb drives until the security update is installed.
Yesterday, Microsoft released 14 big security updates for a number of products and components, including a patch for the recently discovered FREAK vulnerability.