Microsoft patches 3 zero-days including Sandworm, plus Oracle and Adobe patches
You’ll want to patch CVE-2014-4114 with MS14-060, as a vulnerability in the OLE package manager can be exploited to remotely execute arbitrary code in Microsoft Windows versions Vista SP2 to Windows 8.1 and in Server 2008 and 2012. iSight, working in “close collaboration with Microsoft” since before September Patch Tuesday, has tracked and monitored the exploitation of the vulnerability in the wild. A Russian cyber-espionage campaign dubbed “Sandworm” was directed at targets including a U.S. academic organization, NATO, Ukrainian and Western European government organizations, European telecommunication firms and energy sector firms in Poland.
The vulnerability exists because Windows allows the OLE packager (packager.dll) to download and execute INF files. In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packager allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources.
This will cause the referenced files to be downloaded and, in the case of INF files, to be executed with specific commands. An attacker can exploit this vulnerability to execute arbitrary code but will need a specially crafted file and social engineering methods (observed in this campaign) to convince a user to open it.
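A defender-side triage check for the behaviour described above, added here as an example and not code from Microsoft, iSight or the original article: it lists UNC paths referenced from embedded objects in an Office Open XML file and marks those ending in .inf. Assumed for illustration: embedded objects are stored under an `embeddings/` folder and the reference appears as a plain ASCII or UTF-16LE string; the function names and the sample archive are constructed.

```python
import io
import re
import zipfile

MAX_PART = 16 * 1024 * 1024  # skip oversized parts instead of inflating them
SEG = rb"[A-Za-z0-9._$ -]"
# A UNC path (\\host\share\file) stored as ASCII, and the same text as UTF-16LE.
UNC_ASCII = re.compile(rb"\\\\[A-Za-z0-9.-]+(?:\\" + SEG + rb"+)+")
UNC_WIDE = re.compile(
    rb"(?:\\\x00){2}(?:[A-Za-z0-9.-]\x00)+(?:\\\x00(?:" + SEG + rb"\x00)+)+")


def find_external_refs(doc_bytes):
    """Return sorted (part, unc_path, is_inf) tuples for an OOXML package."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as pkg:
        for info in pkg.infolist():
            # Assumption: embedded OLE objects sit under an embeddings/ folder.
            if "/embeddings/" not in info.filename.lower():
                continue
            if info.file_size > MAX_PART:
                continue
            blob = pkg.read(info)
            hits = [m.group() for m in UNC_ASCII.finditer(blob)]
            hits += [m.group().replace(b"\x00", b"")
                     for m in UNC_WIDE.finditer(blob)]
            for raw in hits:
                path = raw.decode("ascii")
                findings.add((info.filename, path, path.lower().endswith(".inf")))
    return sorted(findings)


def build_sample():
    """Constructed input: a zip with two fake embedded parts, not a real deck."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", "<p:sld/>")
        z.writestr("ppt/embeddings/oleObject1.bin",
                   b"\x02\x00Package\x00" + rb"\\192.0.2.10\share\example.inf" + b"\x00")
        z.writestr("ppt/embeddings/oleObject2.bin",
                   "\\\\files.example\\docs\\chart.xlsx".encode("utf-16-le") + b"\x00\x00")
    return buf.getvalue()


if __name__ == "__main__":
    for part, path, is_inf in find_external_refs(build_sample()):
        print("HIGH" if is_inf else "info", part, path)
```

A hit is a reason to inspect the attachment, not a verdict; a clean result does not replace installing MS14-060.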
Let that be a lesson to highlight one more reason never to use PowerPoint again... just kidding. However, patching the vulnerability is no joke.
Despite the name, Sandworm “is not a ‘worm’ in the sense of computer virus that can self-propagate.” (It’s a hat tip to killer worms in the movie Dune.) Ross Barrett, senior manager of security engineering at Rapid7, added, “The average system administrator or home users should not panic about Sandworm.…This is a local file format exploit” and “not a remote.” Nevertheless, Microsoft’s deployment chart shows it as an “Important” fix for an RCE.
You can install all of these patches from Windows Update or from each patch’s individual MS Bulletin.