I notice that among the 17 security bulletins just released by Microsoft on Patch Tuesday, MS10-092 addresses the Task Scheduler vulnerability prominently exploited by Win32/Stuxnet.

We will be updating our Stuxnet analysis shortly, but what's really notable about this bulletin for me is the fact that it draws on cooperation between Microsoft, itself an AV vendor, and other companies (Kaspersky, Symantec, Design and Test Lab and ourselves). After the ugly allegations of inter-company rivalry, corruption, unethical malware creation, rogue marketing and black ops in China, this sounds much more like the industry I know and am honoured to play a small part in.

David Harley CITP FBCS CISSP
ESET Senior Research Fellow