CVE-2010-2568
Published: 2010-07-22
Priority: P1 (90) · high · CVSS 3.1: 7.8
CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Tags: KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability (remediation due 2022-10-06)
Exploited in the wild
EPSS: 91.32% (99.8th percentile)
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| microsoft | windows_server_2008 | — | — |
| siemens | simatic_pcs_7 | — | — |
| siemens | simatic_pcs_7 | — | — |
| siemens | simatic_pcs_7 | — | — |
| siemens | simatic_pcs_7 | — | — |
| siemens | simatic_wincc | — | — |
| siemens | simatic_wincc | — | — |
Detection & IOCs (extracted from sources)
- CVE-2010-2568 exploits remained the #1 most-used exploit by number of users attacked as late as 2016, despite a patch being available since 2010. Prioritize detection on unpatched Windows XP, Vista, 7, Server 2003, and Server 2008 systems.
- CVE-2015-0096 is a related follow-on vulnerability to CVE-2010-2568 (the original Stuxnet .lnk bug); patched in MS15-020. Correlate detections for both CVEs when hunting for Stuxnet-lineage activity.
CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | — | 7.8 | HIGH | — |
| cisa | — | 7.8 | HIGH | — |
GHSA
GHSA-q89m-g397-f55p · CVE-2010-2772 [HIGH] · CWE-798 · ghsa_unreviewed · 2022-05-17 · CVSS 7.8
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
GHSA
GHSA-6j7w-pxhr-g4pr · CVE-2010-2568 [HIGH] · CWE-20 · ghsa_unreviewed · 2022-05-14 · CVSS 7.8
Windows Shell in Microsoft Windows XP SP3, Server 2003 SP2, Vista SP1 and SP2, Server 2008 SP2 and R2, and Windows 7 allows local users or remote attackers to execute arbitrary code via a crafted (1) .LNK or (2) .PIF shortcut file, which is not properly handled during icon display in Windows Explorer, as demonstrated in the wild in July 2010, and originally reported for malware that leverages CVE-2010-2772 in Siemens WinCC SCADA systems.
VulnCheck
CVE-2010-2772 [HIGH] Siemens simatic_wincc Use of Hard-coded Credentials · vulncheck · 2010 · CVSS 7.8
Siemens Simatic WinCC and PCS 7 SCADA system uses a hard-coded password, which allows local users to access a back-end database and gain privileges, as demonstrated in the wild in July 2010 by the Stuxnet worm, a different vulnerability than CVE-2010-2568.
Affected: Siemens simatic_wincc
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/54/stuxnet-malware-targets-scada-systems; https://support.industry.siemens.com/cs/document/43876783/simatic-wincc-simatic-pcs-7-information-about-malware-viruses-trojan-horses?dti=0&lc=en-US; https://www.wel
VulnCheck
CVE-2010-2568 [HIGH] CWE-20 Microsoft Windows Remote Code Execution Vulnerability · vulncheck · 2010 · CVSS 7.8
Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.
Affected: Microsoft Windows
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/54/stuxnet-malware-targets-scada-systems; https://securelist.com/cybercrime-raiders/36323/; https://users.ece.cmu.edu/~tdumitra/public_documents/bilge12_zero_day.pdf; https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2018/03/08064459/Equation_group_questions_and_answers.pdf; htt
CISA
CVE-2010-2568 [HIGH] CWE-20 Microsoft Windows Remote Code Execution Vulnerability · cisa · 2022-09-15 · CVSS 7.8
Affected: Microsoft Windows
Microsoft Windows incorrectly parses shortcuts in such a way that malicious code may be executed when the operating system displays the icon of a malicious shortcut file. An attacker who successfully exploited this vulnerability could execute code as the logged-on user.
Required Action: Apply updates per vendor instructions.
Notes: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-046; https://nvd.nist.gov/vuln/detail/CVE-2010-2568
Remediation Due Date: 2022-10-06
CISA ICS
USB Malware Targeting Siemens Control Software (Update C) · cisa_ics · 2014-01-08
## Archived Content
In an effort to keep CISA.gov current, the archive contains outdated information that may not reflect current policy or programs.
ICS Advisory
Last Revised: January 08, 2014
Alert Code: ICSA-10-201-01C
## Overview
VirusBlokAda, an antivirus vendor based in Belarus, announced the discovery of malware that uses a zero-day vulnerability in Microsoft Windows processing of shortcut files (VirusBlokAda, http://www.anti-virus.by/en/tempo.shtml, website last visited July 15, 2010). The malware utilizes this zero-day vulnerability and exploits systems after users open a USB drive with a file manager capable of displaying icons (like Windows Explorer). US-CERT has released a Vu
Suricata
ET MALWARE Stuxnet index.php · CVE-2010-2568 · suricata · 2010-09-28
Rule:
```
alert http $HOME_NET 1024: -> $EXTERNAL_NET any (msg:"ET MALWARE Stuxnet index.php"; flow:established,to_server; http.uri; content:"/index.php?data=66a96e28"; nocase; reference:url,research.zscaler.com/2010/07/lnk-cve-2010-2568-stuxnet-incident.html; classtype:trojan-activity; sid:2011300; rev:6; metadata:created_at 2010_09_28, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_06;)
```
Exploit-DB
Microsoft Windows - Shell LNK Code Execution (MS10-046) (Metasploit) · CVE-2010-2568 · exploitdb · 2010-09-21
---
```ruby
##
# $Id: ms10_046_shortcut_icon_dllloader.rb 10404 2010-09-21 00:13:30Z jduck $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  # (module setup between the class line and 'Name' is not present in this
  #  excerpt; the extraction swallowed it as an HTML tag)
  'Name'        => 'Microsoft Windows Shell LNK Code Execution',
  'Description' => %q{
    This module exploits a vulnerability in the handling of Windows
    Shortcut files (.LNK) that contain an icon resource pointing to a
    malicious DLL. This module creates a WebDAV service that can be used
    to run an arbitrary payload when accessed as a UNC path.
  },
  'Author'      =>
    [
      'hdm'
```
Exploit-DB
Microsoft Windows - Automatic .LNK Shortcut File Code Execution · CVE-2015-0096 · exploitdb · 2010-07-18
---
From: http://www.ivanlef0u.tuxfamily.org/?p=411
1. Unzip the files in 'C:\'. Start a DbgView or paste a KD to your VM.
2. Rename 'suckme.lnk_' to 'suckme.lnk' and let the magic do the rest of shell32.dll.
3. Look at your logs.
http://ivanlef0u.nibbles.fr/repo/suckme.rar
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14403.rar (suckme.rar)
Tested under XP SP3.
```
kd> g
Breakpoint 1 hit
eax=00000001 ebx=00f5ee7c ecx=0000c666 edx=00200003 esi=00000001 edi=7c80a6e4
eip=7ca78712 esp=00f5e9c4 ebp=00f5ec18 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
SHELL32!_LoadCPLModule+0x10d:
001b:7ca78712 ff15a0159d7c call dword ptr [SHELL32!_imp__LoadLibrar
```
Metasploit
FannyBMP or DementiaWheel Detection Registry Check · CVE-2010-2568 [HIGH] · metasploit · CVSS 7.8
This module searches for registry keys related to the Fanny.bmp worm. FannyBMP is a worm that exploited zero-day vulnerabilities (specifically the LNK exploit, CVE-2010-2568), which allowed it to spread even when USB Autorun was turned off. This is the same exploit that was used in Stuxnet.
Metasploit
Microsoft Windows Shell LNK Code Execution (SMB) · metasploit
This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This creates an SMB resource to provide the payload inside a DLL, and generates a LNK file which must be sent to the target.
Metasploit
Microsoft Windows Shell LNK Code Execution (WebDAV) · metasploit
This module exploits a vulnerability in the handling of Windows Shortcut files (.LNK) that contain an icon resource pointing to a malicious DLL. This module creates a WebDAV service that can be used to run an arbitrary payload when accessed as a UNC path.
Unit42
Windows Shortcut (LNK) Malware Strategies · blogs_unit42 · 2025-07-02
Authors: Haizhou Wang, Ashkan Hosseini, Ashutosh Chitwadgi
Published: July 2, 2025
Tags: Malware · Threat Research · Microsoft Windows
## Executive Summary
Attackers are increasingly exploiting Windows shortcut (LNK) files for malware delivery. Our telemetry revealed 21,098 malicious LNK samples in 2023, which surged to 68,392 in 2024. In this article, we present an in-depth investigation of LNK malware, based on analysis of 30,000 recent samples.
Windows shortcut files use the .lnk file extension and function as a virtual link that allows people to easily access other files without having to navigate through multiple folders on a Windows host. The flexibility of LNK files makes them a powerful tool for attackers, as they can both execute malicious content and masquerade as legitimate files to deceive victims into unintentionally launching malware.
Our research indicates LNK malware falls into four categories:
- Explo
Tenable
From Bugs to Breaches: 25 Significant CVEs As MITRE CVE Turns 25 · blogs_tenable · 2024-10-22
Securelist
Threats to users of adult websites in 2018 · blogs_securelist · 2019-02-21
Table of Contents
- Introduction
- Methodology and key findings
- Part 1 – Malware
  - Porn tags = Malware tags
  - Mobile malware
  - Credential hunters
- Part 2 – Phishing and spam
  - Spam-scam
- Part 3 – Darknet insights
- Conclusions and advice
Authors
- Kaspersky
More graphs and statistics in full PDF version
## Introduction
2018 was a year that saw campaigns to decrease online pornographic content and traffic. For example, one of the most adult-content friendly platforms – Tumblr – announced it was banning erotic content (even though almost a quarter of its users consume adult content). In addition, the UK received the title of ‘The Second Most Porn-Hungry Country in the World’ and is now implementing a law on age-verification for pornography lovers that will prohibit anyone below the age of 18 to watch this sort of content. This is potentially opening a worl
Securelist
IT threat evolution Q3 2018 · blogs_securelist · 2018-11-12
Authors
- David Emm
## Targeted attacks and malware campaigns
### Lazarus targets cryptocurrency exchange
Lazarus is a well-established threat actor that has conducted cyber-espionage and cybersabotage campaigns since at least 2009. In recent years, the group has launched campaigns against financial organizations around the globe. In August we reported that the group had successfully compromised several banks and infiltrated a number of global cryptocurrency exchanges and fintech companies. While assisting with an incident response operation, we learned that the victim had been infected with the help of a Trojanized cryptocurrency trading application that had been recommended to the company over email.
An unsuspecting employee had downloaded a third-party application from a legitimate
Securelist
USB threats from malware to miners · CVE-2010-2568 [HIGH] · blogs_securelist · 2018-09-25 · CVSS 7.8
Table of Contents
- Introduction
- Methodology and key findings
  - Key findings
- The evolving cyberthreat landscape for USBs
  - USBs as a tool for advanced threat actors
  - The Stuxnet survivor CVE-2010-2568
  - Malware delivered via removable media
  - Miners – rare but persistent
  - Dark Tequila – advanced banking malware
- Target geography
- Conclusion and advice
Authors
- Kaspersky
## Introduction
In 2016, researchers from the University of Illinois left 297 unlabelled USB flash drives around the university campus to see what would happen. 98% of the dropped drives were picked up by staff and students, and at least half were plugged into a computer in order to view the content. For a hacker trying to infect a computer network, those are pretty irresistible odds.
USB devices have been around for almost 20 years, offering an easy and convenient way to store and transfer digital files between computers that are not directly connected to each other or to the internet. This capability has been e
Qualys
Countdown to GDPR: Manage Vulnerabilities · blogs_qualys · 2017-08-02
If your organization needs a compelling reason for establishing or enhancing its vulnerability management program, circle this date in bold, red ink on your corporate calendar: May 25, 2018.
On that day, the EU’s General Data Protection Regulation (GDPR) goes into effect, intensifying the need for organizations to painstakingly protect EU residents’ data from accidental mishandling and foul play.
While complying with GDPR involves adopting and modifying a variety of IT systems and business processes, having comprehensive and effective vulnerability management should be key in your efforts.
Why? Too many preventable data breaches occur because hackers exploit well-known vulnerabilities for which patches are available but haven’t been installed.
This happens because many organizations, i
Securelist
Exploits: how great is the threat? · blogs_securelist · 2017-04-20
Table of Contents
- Key findings on exploits targeting all users in 2015-2016
- Key findings on exploits used by targeted attackers 2010-2016
- Everyone loves an exploit
- Conclusion and Advice
Authors
- Kaspersky
How serious, really, is the danger presented by exploits? The recent leak of an exploit toolset allegedly used by the infamous Equation Group suggests it’s time to revisit that question. Several zero-days, as well as a bunch of merely ‘severe’ exploits apparently used in-the-wild were disclosed, and it is not yet clear whether this represents the full toolset or whether there’s more to come, related to either Equation or another targeted threat actor.
Of course, Equation Group is not the first, and is certainly not the only sophisticated targeted attacker to use stealthy, often
Sentinelone
How .LINK Files Work? - Risks, Methods, and Detection · [HIGH] · blogs_sentinelone · 2017-03-30 · CVSS 7.8
Malicious actors keep us on our toes as they move from executables (.EXE) and script files to .LNK files to sneak in their payloads. With email servers routinely configured to reject attachments with file extensions like .exe, .pif, and .com, attackers have gotten more creative with their deception techniques.
From Locky to Kovter, the most popular ransomware families are getting in on the .LNK fun. After all, an attack is only as good as the size of its impact.
## What Are .LNK Files? Understanding Their State
Attackers have moved to script-based droppers to bypass the restrictions on email servers by deploying Microsoft JScript (.js), VisualBasic Script (.vbs), and Microsoft Office files that use macros (.doc/.xls). Using .LNK files is a further progression of this type of evasion since tradi
Qualys
Patch Tuesday March 2015 · [MEDIUM] · blogs_qualys · 2015-03-10 · CVSS 4.3
It is March Patch Tuesday 2015, but similar to last month we are having more issues than expected in a normal month. Or maybe that is the new normal: patches from Microsoft, Adobe and a set of other security issues to deal with.
Before we get to these patches, it’s important to note that we also had two out-of-band issues this month: FREAK and Superfish.
### FREAK
FREAK is a vulnerability in SSL, discovered by the team at SMACKTLS. The vulnerability allows an attacker that has a Man-in-the-Middle (MITM) position to downgrade your computer’s SSL communication to an export grade cipher (512 bit RSA), which is breakable relatively quickly (< 24 hours). Once the attacker has the key she can eavesdrop on your communication and even modify it and redirect you to impostor sites. SMACKTLS has a
Zscaler
Lethic Botnet Returns, Uses "Realtek" Identifier · [HIGH] · blogs_zscaler · 2010-11-10 · CVSS 7.8
Talos
Rule Release for Today, Thursday July 22nd, 2010 · CVE-2010-2568 [HIGH] · blogs_talos · 2010-07-22 · CVSS 7.8
Two main vulnerabilities are covered in this release: the Microsoft Windows Shell shortcut vulnerability (CVE-2010-2568) and the Siemens Simatic WinCC and PCS 7 SCADA vulnerability (CVE-2010-2772). Both of these are being actively used by the Stuxnet worm.
More details are available here: http://www.snort.org/vrt/advisories/2010/07/22/vrt-rules-2010-07-22.html
Zscaler
.LNK (CVE-2010-2568) / Stuxnet Incident · [HIGH] · blogs_zscaler · 2010-07-21 · CVSS 7.8
Zscaler
Vulnerability in Windows Allowed Remote Code Execution · [HIGH] · blogs_zscaler · CVSS 7.8
CTF
Syskron Security CTF / README · CVE-2010-2568 · ctf_writeups · 2019
# Syskron Security CTF 2019
URL: https://ctf2019.syskron-security.com/
Team: Gutenberg (TeamPowerPrinter)
Place: 2 (of 584)
## Flags
```
Fun/Trivia
History lesson in malware ( 10 points): {cve-2010-2568}
Tracing Bitcoins ( 10 points): {54.3489921_BTC}
Making OPC UA secure ( 10 points): ...
Using an OPC UA service ( 10 points): ...
An e-mail and a link ( 100 points): ...
A fundamental problem ( 600 points): {you-solved-a-fundamental-problem}
OS INT
Industrial sightseeing tour 1 ( 100 points): ...
Industrial sightseeing tour 2 ( 200 points): ...
Industrial sightseeing tour 3 ( 500 points): ...
Access the device! ( 200 points): ...
Forensics
Error log ( 400 points): {the-motor-needs-to-be-replaced!}
Packets are wonderful ( 500 points): ...
Bottle inspection ( 500 points): {there-is-a-f
```
Timeline
- 2010-07-22: Published
- 2022-09-15: Added to CISA KEV
- Exploited in the wild