Stuxnet Mitigation 1.1

Thursday, October 28, 2010 @ 09:10 AM gHale


By Gregory Hale
Stuxnet has been out for a while now, and users continue to wonder whether they are affected and, if they are, how they can mitigate it.
Eric Byres, chief technology officer at Byres Security, along with Scott Howard of Byres Security, updated their Stuxnet Mitigation Overview chart, which first appeared on ISSSource.
Stuxnet is a computer worm designed to infect Siemens WinCC and PCS 7 systems. It takes advantage of numerous vulnerabilities in the Windows operating system and Siemens products, according to Byres’ white paper entitled “Analysis of the Siemens WinCC / PCS7 ‘Stuxnet’ Malware for Industrial Control System Professionals.”
As a result, full mitigation requires multiple actions.
They do note, however, that before deploying any mitigation to a live system, users should confirm the mitigation with the system vendor and test it on a non-critical system. Users of Siemens products should contact their Siemens representative or review “Security concept PCS 7 and WinCC.”
Any Windows-based system can suffer from Stuxnet, regardless of whether or not it uses Siemens software.
The list of vulnerable systems has expanded to include all unsupported and current versions of Windows including Windows 2000, Windows XP, Windows Server 2003, Windows Vista, Windows Server 2008 and Windows 7, according to Byres’ paper. Of particular importance are the Windows 2000 systems, as there are no patches for these systems. It appears that Stuxnet will infect Windows NT machines, but will then abort.


