Microsoft October Patch Tuesday Tackles Zero-Day Vulnerabilities
Sandworm is just one of multiple actively exploited zero-day flaws that Microsoft is patching.
Microsoft is out with its October Patch Tuesday release, which includes eight security advisories patching 24 Common Vulnerabilities and Exposures (CVEs), including several zero-day flaws that have been actively exploited. Among the zero-day flaws patched is CVE-2014-4114, which has been dubbed "Sandworm" and has already been used in attacks against NATO and the European Union.
Microsoft is providing a patch for CVE-2014-4114 with its MS14-060 update. "A vulnerability exists in Windows OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object," Microsoft warns in its advisory. "An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user." OLE is Microsoft's Object Linking and Embedding technology, which enables content to be linked inside documents.
iSight Partners first found evidence of the CVE-2014-4114 issue on Sept. 3 in an attack that leveraged the exploit in a malicious PowerPoint presentation. iSight dubbed the vulnerability Sandworm because of references in the code to the classic Dune science fiction series, where sandworms play a pivotal role.
Another zero-day flaw fixed in the October Patch Tuesday update is CVE-2014-4113, a privilege escalation vulnerability. This flaw, too, has been actively exploited. Security firm CrowdStrike is attributing attacks leveraging CVE-2014-4113 to a Chinese malware group that it refers to as Hurricane Panda.