Zero-day vulnerability CVE-2014-4114 impacting all versions of Microsoft Windows

Posted: October 14, 2014 in Vulnerability News

Zero-day vulnerability in all versions of Windows

On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012.

Researchers at iSIGHT Partners said that the team, which they’ve dubbed Sandworm, likely has been active since 2009. (The sandworm is a fictional form of desert-dwelling creature from the Dune universe created by Frank Herbert – From Wikipedia, the free encyclopedia.)

Microsoft is making a patch for this vulnerability available as part of patch updates on the 14th – CVE-2014-4114.

Security Bypass in all versions of Microsoft Windows

Severity Rating: Critical
Fix available: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:O/RC:C) = Base: 6.8 / Temporal: 5.9
CVE ID: CVE-2014-4114

Attack vector: Remote
Impact: Security Bypass
Exploit availability: the vulnerability is being actively exploited

Affected Products: Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2012

Affected versions: Microsoft Windows all versions, Microsoft Windows Server 2008, Microsoft Windows Server 2012

This security update resolves a privately reported vulnerability in Microsoft Windows: Microsoft Security Bulletin MS14-060

Client Operating System Usage

Microsoft Windows OLE Remote Code Execution. The vulnerability allows a remote user to bypass security restrictions in all versions of Microsoft Windows.

The flaw occurs when a user downloads, or receives, and then opens a specially crafted Microsoft Office file which contains OLE objects.

Note: Currently the vulnerability is being actively exploited by sending PowerPoint files containing a malicious OLE (object linking and embedding) object.
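Because exploitation arrives as PowerPoint files carrying an OLE object, a defender can inventory the OLE objects in a presentation before anyone opens it. The following is an added triage example, not code from the original post, Microsoft or iSIGHT Partners; the function names `find_ole_objects` and `build_sample` and the sample archive are constructed for illustration, and a hit means only that an OLE object is present, not that it is malicious.

```python
import io
import zipfile
import xml.etree.ElementTree as ET  # for untrusted files in production, prefer defusedxml

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # OLE2 compound-file signature
REL_TAG = "{http://schemas.openxmlformats.org/package/2006/relationships}Relationship"
OLE_REL = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/oleObject"
MAX_RELS = 1 << 20  # do not parse .rels parts larger than 1 MiB

def find_ole_objects(data: bytes) -> list:
    """Inventory OLE objects in a PowerPoint file given as raw bytes."""
    if data.startswith(OLE_MAGIC):
        # Legacy binary .ppt/.pps: the file itself is an OLE container.
        return [{"part": "<file>", "kind": "legacy-ole-container"}]
    found = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return found  # neither an OOXML package nor an OLE file
    with archive:
        for info in archive.infolist():
            if info.filename.endswith(".rels") and info.file_size <= MAX_RELS:
                root = ET.fromstring(archive.read(info))
                for rel in root.iter(REL_TAG):
                    if rel.get("Type") == OLE_REL:
                        found.append({"part": info.filename, "kind": "ole-relationship",
                                      "target": rel.get("Target"),
                                      "linked": rel.get("TargetMode") == "External"})
            else:
                with archive.open(info) as member:
                    if member.read(8) == OLE_MAGIC:  # only the 8-byte header is read
                        found.append({"part": info.filename, "kind": "embedded-ole"})
    return found

def build_sample(with_ole: bool = True) -> bytes:
    """Constructed, harmless .pptx-like archive used as sample input."""
    rels = ('<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId2" Type="%s" Target="../embeddings/oleObject1.bin"/>'
            '</Relationships>' % OLE_REL)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("ppt/slides/slide1.xml", "<sld/>")
        if with_ole:
            z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
            z.writestr("ppt/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 24)
    return buf.getvalue()

if __name__ == "__main__":
    print(find_ole_objects(build_sample()))
```

Records with `"linked": True` are OLE links whose target lives outside the package; those and unexpected embedded objects are the ones to hand to an analyst.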

Solution: Install the latest version from the manufacturer’s website when it is available.

Manufacturer URL:


Exploiting the zero-day vulnerability, attackers used the Sandworm malware to infect computer systems at NATO, the governments of Ukraine and Poland, a number of European industrial companies, and scientists from the United States.

Sandworm targets
