Zero-day vulnerability in all versions of Windows

On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012.

Researchers at iSIGHT Partners said that the team behind the attacks, which they’ve dubbed Sandworm, has likely been active since 2009. (The sandworm is a fictional desert-dwelling creature from the Dune universe created by Frank Herbert, according to Wikipedia.)

Microsoft is making a patch for this vulnerability available as part of patch updates on the 14th – CVE-2014-4114.

Security Bypass in all versions of Microsoft Windows

Severity Rating: Critical

Patch available: Yes

Number of vulnerabilities: 1

CVSSv2 Rating: (AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:O/RC:C) = Base: 6.8 / Temporal: 5.9

CVE ID: CVE-2014-4114

Attack vector: Remote

Impact: Security Bypass

Exploit availability: the vulnerability is being actively exploited

Affected Products: Microsoft Windows 7, Microsoft Windows 8, Microsoft Windows 8.1, Microsoft Windows Server 2008, Microsoft Windows Server 2012

Affected versions: Microsoft Windows all versions, Microsoft Windows Server 2008, Microsoft Windows Server 2012

Important

This security update resolves a privately reported vulnerability in Microsoft Windows: Microsoft Security Bulletin MS14-060



Description:

Microsoft Windows OLE Remote Code Execution. The vulnerability allows a remote user to bypass security restrictions in all versions of Microsoft Windows.

The flaw occurs when a user downloads, or receives, and then opens a specially crafted Microsoft Office file which contains OLE objects.

Note: Currently the vulnerability is being actively exploited by sending PowerPoint files containing a malicious OLE (object linking and embedding) object.
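A triage check for inbound Office attachments, given here as an added example that is not part of the original advisory: it lists the embedded-object parts inside an OOXML package (.pptx, .ppsx and similar) and flags those that begin with the OLE compound-file signature. The function names and the sample package are constructed for illustration; embedded OLE objects also occur in legitimate files, so a hit marks a file for closer inspection rather than as malicious.

```python
import io
import zipfile

# Signature that opens every OLE2 / Compound File Binary stream.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def find_embedded_ole(data: bytes) -> list:
    """Return one record per embedded-object part found in an OOXML package.

    `data` is the raw bytes of a .pptx/.ppsx/.docx/.xlsx file. Non-ZIP input
    (for example a legacy binary .ppt) raises ValueError so the caller can
    route it to a different parser instead of treating it as clean.
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        raise ValueError("not an OOXML (ZIP) package")
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for info in pkg.infolist():
            name = info.filename.lower()
            # Office stores embedded objects under <app>/embeddings/.
            if "/embeddings/" not in name or info.is_dir():
                continue
            with pkg.open(info) as part:
                head = part.read(len(OLE_MAGIC))
            findings.append({
                "part": info.filename,
                "size": info.file_size,
                "is_ole": head == OLE_MAGIC,
            })
    return findings


def build_sample(with_ole: bool) -> bytes:
    """Constructed test package: a minimal ZIP laid out like a .ppsx."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/slides/slide1.xml", "<sld/>")
        if with_ole:
            z.writestr("ppt/embeddings/oleObject1.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for label in (False, True):
        print("embedded" if label else "clean", find_embedded_ole(build_sample(label)))
```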

Solution: Install the latest version from the manufacturer’s website when it is available.

Manufacturer URL: http://www.microsoft.com/

Link: http://www.isightpartners.com/2014/10/cve-2014-4114/

Exploiting the zero-day vulnerability, attackers infected computer systems of NATO, the governments of Ukraine and Poland, a number of European industrial companies, and scientists from the United States with the Sandworm malware.