Which of the following vulnerabilities did the Stuxnet worm exploit on target hosts? (Select 2 choices.)
- a buffer overflow vulnerability in the DCOM RPC service
- a buffer overflow vulnerability in IIS software
- a buffer overflow vulnerability in Microsoft SQL Server
- a remote code execution vulnerability in the printer spooler service
- a remote code execution vulnerability in the processing of .lnk files
Stuxnet exploited vulnerabilities in both the printer spooler service and the processing of .lnk files. Stuxnet was used in an act of cyber warfare against Iranian industrial control systems (ICSs). It was written to target specific ICSs by modifying code on programmable logic controllers (PLCs). Stuxnet initially exploited vulnerabilities in the printer spooler service; however, later variants exploited a vulnerability in the way that Windows processes shortcuts (.lnk files). Research from Symantec published in 2011 indicated that at the time, over 60 percent of the Stuxnet-affected hosts had been in Iran. Symantec analyzed Stuxnet and its variants and discovered that five organizations were the primary targets of infection and that further infections were likely collateral damage from the aggressive manner in which the worm spreads throughout the network. Given the considerable cost in resources and man-hours that would have been required to craft the Stuxnet worm, it was theorized that it was likely intended to sabotage high-value targets such as nuclear materials refinement facilities.
The Blaster worm exploited a buffer overflow vulnerability in the Distributed Component Object Model (DCOM) Remote Procedure Call (RPC) service on Microsoft Windows hosts. The worm carried a destructive payload that configured the target host to engage in Denial of Service (DoS) attacks on Microsoft update servers. Before Microsoft released a patch, several other worms exploited the vulnerability. For example, the Welchia worm targeted the same vulnerability. Welchia was developed to scan the network for vulnerable machines, infect them, and then remove the Blaster worm if present. It was even designed to download and install the appropriate patch from Microsoft to fix the vulnerability that it and Blaster initially exploited to infect the target machine. However, despite the good-natured design intentions of the Welchia worm, its network-scanning component inadvertently caused DoS attacks on several large networks, including those of the United States armed forces.
SQL Slammer exploited a buffer overflow vulnerability in Microsoft Structured Query Language (SQL) server software. SQL Slammer spread at a tremendous rate and was reported to have infected as many as 12,000 servers per minute. Its high scanning rate generated enough traffic on many networks to effectively produce DoS effects as collateral damage to the infection.
Code Red exploited a buffer overflow vulnerability in Microsoft Internet Information Server (IIS) software. Although not as efficient as SQL Slammer, Code Red still managed to infect as many as 2,000 hosts per minute. The initial Code Red variant failed to infect more than a single set of IP addresses; however, a later variant was reported to have affected over 350,000 hosts within the first 14 hours of its release into the wild.