* [Blog](https://origin-researchcenter.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://origin-researchcenter.paloaltonetworks.com/blog/corporate/)
* [Endpoint](https://origin-researchcenter.paloaltonetworks.com/blog/category/endpoint-2/)
* Palo Alto Networks Traps ...

# Palo Alto Networks Traps Prevents Exploitation of CVE-2010-2568/CVE-2015-0096 - Stuxnet Zero Day

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2015%2F03%2Fpalo-alto-networks-traps-prevents-exploitation-of-cve-2010-2568cve-2015-0096-stuxnet-zero-day%2F)  
[](https://twitter.com/share?text=Palo+Alto+Networks+Traps+Prevents+Exploitation+of+CVE-2010-2568%2FCVE-2015-0096+-+Stuxnet+Zero+Day&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2015%2F03%2Fpalo-alto-networks-traps-prevents-exploitation-of-cve-2010-2568cve-2015-0096-stuxnet-zero-day%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Forigin-researchcenter.paloaltonetworks.com%2Fblog%2F2015%2F03%2Fpalo-alto-networks-traps-prevents-exploitation-of-cve-2010-2568cve-2015-0096-stuxnet-zero-day%2F&title=Palo+Alto+Networks+Traps+Prevents+Exploitation+of+CVE-2010-2568%2FCVE-2015-0096+-+Stuxnet+Zero+Day&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://origin-researchcenter.paloaltonetworks.com/blog/2015/03/palo-alto-networks-traps-prevents-exploitation-of-cve-2010-2568cve-2015-0096-stuxnet-zero-day/&ts=markdown)  
\[\](mailto:?subject=Palo Alto Networks Traps Prevents Exploitation of CVE-2010-2568/CVE-2015-0096 - Stuxnet Zero Day)  
Link copied  
By [Palo Alto Networks](https://www.paloaltonetworks.com/blog/author/palo-alto-networks-staff/?ts=markdown "Posts by Palo Alto Networks")  
Mar 13, 2015  
3 minutes  
[Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown)  
[Stuxnet](https://www.paloaltonetworks.com/blog/tag/stuxnet/?ts=markdown)  
[Traps](https://www.paloaltonetworks.com/blog/tag/traps/?ts=markdown)  
[Vulnerability](https://www.paloaltonetworks.com/blog/tag/vulnerability/?ts=markdown)  
[zero-day](https://www.paloaltonetworks.com/blog/tag/zero-day/?ts=markdown)

Almost half a decade has passed since the disclosure of the Stuxnet attack. However, its position as a milestone in advanced cybersecurity has not much diminished, and its implications are still being explained.

In August 2014, Kaspersky Lab [reported](http://usa.kaspersky.com/about-us/press-center/in-the-news/stuxnet-exploits-still-alive-well-dark-reading) that during November 2013 and June 2014 the Windows Shell flaw ([CVE-2010-2568](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2568)) was detected 50 million times, attacking 19 million machines. Stuxnet-derived threats are indeed alive -- and active. This past week's edition of Patch Tuesday unintentionally brought CVE-2010-2568 back into the spotlight.

Microsoft released [MS15-020](https://technet.microsoft.com/en-us/library/security/ms15-020.aspx) as part of the March Patch Tuesday, an update which purportedly fixes a DLL planting vulnerability that allowed an attacker to gain remote code execution by directing a user to a web share or folder which contains the malicious files. The vulnerability was assigned [CVE-2015-0096.](http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0096)

Closer inspection reveals that this vulnerability is actually a rehash of the same LNK vulnerability utilized in the Stuxnet malware in 2010: CVE-2010-2568. Let us examine the nature of CVE-2010-2568.

The exploit allowed an attacker to plant a DLL file along with an LNK file that would be automatically loaded as soon as a user browses to the folder containing the LNK file, by exploiting a vulnerability in the way the Windows Explorer shell treats shortcuts linking to CPL files (control panel interfaces).

The patch was released for all available OSs in August 2010, and newer OSs and service packs were shipped with it, meaning this original vulnerability could never target Windows 7 SP1 or newer (Windows 8 or 8.1) machines.

This month's new patch, however, reveals that the original vulnerability was only partially fixed, allowing an attacker to bypass the fix by exploiting the LNK's path parsing mechanism, reaching a corner case which allows it to reproduce the original vulnerability.

As a result of this, all systems which were considered patched are now vulnerable to this new but similar vulnerability, along with all OSs released since, including Windows 8.1.

The new patch released by Microsoft incorporates code to check the loaded CPL file against a pre-determined whitelist. Palo Alto Networks Traps, however, takes a prevention-based approach even further. Not only does Traps mitigate the original vulnerability, but also the new vulnerability, thanks to more robust logic in preventing LNK files from loading foreign DLLs in CPL guise.

The examples of CVE-2010-2568 and CVE-2015-0096 are important not only because of the specific exploits and attacks related to them, but also because of how critical it is to understand that the volume of ongoing attacks is high even within systems that are considered patched and secured. The gap in the original CVE-2010-2568 patch is now fixed, but what about others now being exploited that we don't yet know about?

Traps offers proactive prevention. Through a deep understanding of the various exploitation techniques employed by attackers, Traps proves time after time that it provides protection from zero days and yet-to-be-discovered-attacks without reliance on patching or prior knowledge.

Taking it back to CVE-2010-2568, systems protected by Palo Alto Networks Traps were safe against this exploit throughout the last few years and remain so, even without applying the new patch. That's the power of prevention.

*** ** * ** ***

## Related Blogs

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Protecting Endpoints From Day One](https://origin-researchcenter.paloaltonetworks.com/blog/2019/01/protecting-endpoints-day-one/)

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Traps: Fighting Threats With Cloud-Based Malware Analysis](https://origin-researchcenter.paloaltonetworks.com/blog/2018/11/traps-fighting-fire-cloud-based-malware-analysis/)

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown)

[#### Tech Docs: Five New Features in the Traps Management Service](https://origin-researchcenter.paloaltonetworks.com/blog/2018/08/tech-docs-five-new-features-traps-management-service/)

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown), [Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown)

[#### Tech Docs: Traps 5.0.2 and the July Traps Management Service - So Hot Right Now!](https://origin-researchcenter.paloaltonetworks.com/blog/2018/07/tech-docs-traps-5-0-2-july-traps-management-service-hot-right-now/)

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Enterprise](https://www.paloaltonetworks.com/blog/category/secure-the-enterprise/?ts=markdown)

[#### Introducing Traps for Android](https://origin-researchcenter.paloaltonetworks.com/blog/2018/06/introducing-traps-android/)

### [Endpoint](https://www.paloaltonetworks.com/blog/category/endpoint-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Technical Documentation](https://www.paloaltonetworks.com/blog/category/technical-documentation/?ts=markdown)

[#### Tech Docs: 3 New Features in the Latest Traps Management Service Release](https://origin-researchcenter.paloaltonetworks.com/blog/2018/06/tech-docs-3-new-features-latest-traps-management-service-release/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://origin-researchcenter.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language