Submitted by Eric Byres on Fri, 2012-10-12 21:00
Yesterday afternoon I received a note from another security expert that has left me a bit stunned. Like most of you, I assumed that if you are patching your Windows computers on your SCADA or ICS system (using some variation of Microsoft Windows Update), then any vulnerable services that can be patched will be patched. Well guess again – you may still have a number of open vulnerabilities that are happily being missed by the Windows update service.
Submitted by Eric Byres on Fri, 2011-02-18 09:34
February has not been a good month for ICS and SCADA security, at least not if you want to feel secure.
Submitted by Eric Byres on Wed, 2010-08-11 10:05
If you have been reading the various advisories on the Stuxnet malware, you would be forgiven for thinking that only computers running relatively new versions of the Windows systems are vulnerable to this worm. For example, the Siemens Stuxnet advisory states; “The virus affects operating systems from XP and higher.” Does that mean if I am running Windows 2000 servers I am immune?
Unfortunately, the answer is NO! Based on our testing, all versions of Windows are vulnerable to Stuxnet, regardless of age.