A five-year-old Microsoft patch for the .LNK vulnerability exploited by Stuxnet failed to properly protect Windows machines, leaving them exposed to exploits since 2010.
Microsoft today is expected to release a security bulletin, MS15-020, patching the vulnerability (CVE-2015-0096).
It is unknown whether there have been public exploits of patched machines. The original LNK patch was released Aug. 2, 2010.
The .LNK vulnerability was part of Stuxnet’s arsenal as it went after Iran’s nuclear program with a barrage of exploits targeting Windows vulnerabilities, as well as shortcomings inside Siemens programmable logic controllers in charge of centrifuge operations inside the Natanz uranium enrichment facility.
