Zero-day vulnerability in all versions of Windows
On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012.
Researchers at iSIGHT Partners said that the team behind the attacks, which they’ve dubbed Sandworm, has likely been active since 2009. (The sandworm is a fictional desert-dwelling creature from the Dune universe created by Frank Herbert. Source: Wikipedia, the free encyclopedia.)
Microsoft is making a patch for this vulnerability (CVE-2014-4114) available as part of its patch updates on the 14th.
Security Bypass in all versions of Microsoft Windows
Severity Rating: Critical
Fix Available: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:O/RC:C) = Base: 6.8 / Temporal: 5.9
CVE ID: CVE-2014-4114
Attack Vector: Remote
Impact: Security Bypass
Exploit Availability: The vulnerability is being actively exploited
Affected Products: Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2012
Affected versions: Microsoft Windows all versions, Microsoft Windows Server 2008, Microsoft Windows Server 2012
This security update resolves a privately reported vulnerability in Microsoft Windows: Microsoft Security Bulletin MS14-060
Microsoft Windows OLE Remote Code Execution. The vulnerability allows a remote user to bypass security restrictions in all versions of Microsoft Windows.
The flaw occurs when a user downloads, or receives, and then opens a specially crafted Microsoft Office file which contains OLE objects.
Note: Currently the vulnerability is being actively exploited by sending PowerPoint files containing a malicious OLE (object linking and embedding) object.
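Because the attack arrives as a PowerPoint file carrying an OLE object, a mail or file gateway can inventory the embedded objects in a presentation before it reaches a user. The following is an added example, not code from iSIGHT Partners or Microsoft: the function names are hypothetical, the sample file is constructed, and it assumes the Office Open XML layout in which .pptx/.ppsx files are ZIP archives with embedded objects stored under `ppt/embeddings/`.

```python
import io
import zipfile

# First 8 bytes of every OLE2 compound file, the container used for OLE objects.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def find_embedded_ole(data: bytes) -> list[dict]:
    """List parts of an OOXML file (.pptx/.ppsx are ZIP archives) that are
    OLE2 containers or sit in an embeddings folder. Returns [] for non-ZIP input."""
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return []
    findings = []
    with zipfile.ZipFile(buf) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as part:
                head = part.read(len(OLE2_MAGIC))  # read the header only
            is_ole2 = head == OLE2_MAGIC
            in_embeddings = "/embeddings/" in "/" + info.filename.lower()
            if is_ole2 or in_embeddings:
                findings.append({"part": info.filename, "ole2": is_ole2,
                                 "size": info.file_size})
    return findings


def needs_review(data: bytes) -> bool:
    """True when at least one part is an OLE2 container."""
    return any(f["ole2"] for f in find_embedded_ole(data))


def build_sample(with_ole: bool) -> bytes:
    """Constructed sample: a minimal ZIP laid out like a presentation package.
    The 'OLE object' is just the OLE2 signature plus padding, not a real object."""
    out = io.BytesIO()
    with zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("ppt/slides/slide1.xml", "<sld/>")
        if with_ole:
            zf.writestr("ppt/embeddings/oleObject1.bin", OLE2_MAGIC + b"\x00" * 504)
    return out.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)), ("ole", build_sample(True))):
        print(label, needs_review(sample), find_embedded_ole(sample))
```

A hit only means the presentation contains an embedded OLE object and should be held for review or opened on a patched system; it does not identify this specific exploit.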
Solution: Install the latest version from the manufacturer’s website when it is available.
Manufacturer URL: http://www.microsoft.com/
Link: http://www.isightpartners.com/2014/10/cve-2014-4114/
Exploiting the 0-day vulnerability, attackers infected with the Sandworm malware the computer systems of NATO, the governments of Ukraine and Poland, a number of European industrial companies, and scientists from the United States.