
SandWorm Zero-Day – CVE-2014-4114 – MS14-060 (UPDATED!)

Just came across the new zero-day in Windows which affects all versions.  The patch should be available today under MS14-060, but I haven’t seen it yet to link it.  It’s also not showing in WSUS.

The zero-day appears to be a remote code execution vulnerability in Microsoft Office, triggered by an embedded malicious OLE object. It affects all supported versions of Windows, but it is not clear whether Windows XP is affected. I would assume it is, and that we won’t be getting a patch for it. The exploit runs code with the logged-in user’s rights, which limits the impact if the user doesn’t have administrative rights.

Some workarounds, which might mitigate the risk even to XP users:

Disable the WebClient service – which breaks SharePoint integration and WebDAV.
Block TCP ports 139 and 445 – which breaks SMB and CIFS file sharing.
Block the launching of executables via Setup INF files – which would likely break your older installers.
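
A read-only check of the first two workarounds, added here as an example (it is not from the original post or from Microsoft). It assumes the port block is implemented as Windows Firewall rules on the host and that the NetSecurity cmdlets (Windows 8 / Server 2012 or later) are available; the function names are made up for this example.

```powershell
# Added example: read-only audit of two workarounds from the list above.
# Assumption: ports are blocked with Windows Firewall rules on this host;
# a block on a perimeter firewall is invisible to this check.

function Test-PortCovered {
    # True if a firewall port spec ('445' or a range like '135-139') covers $Port.
    # Catch-all 'Any' specs are not counted: only rules that name the port match.
    param([string]$Spec, [int]$Port)
    if ($Spec -match '^(\d+)-(\d+)$') {
        return ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2])
    }
    return ($Spec -eq "$Port")
}

function Get-WebClientStatus {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WebClient'"
    if (-not $svc) {
        return [pscustomobject]@{ Check = 'WebClient'; Mitigated = $true; Detail = 'service not installed' }
    }
    [pscustomobject]@{
        Check     = 'WebClient'
        Mitigated = ($svc.StartMode -eq 'Disabled' -and $svc.State -ne 'Running')
        Detail    = "StartMode=$($svc.StartMode); State=$($svc.State)"
    }
}

function Get-SmbBlockStatus {
    param([int[]]$Ports = @(139, 445))
    foreach ($dir in 'Inbound', 'Outbound') {
        # Inbound rules match on the local port, outbound rules on the remote port.
        $prop = if ($dir -eq 'Inbound') { 'LocalPort' } else { 'RemotePort' }
        $specs = @(Get-NetFirewallRule -Enabled True -Action Block -Direction $dir -ErrorAction SilentlyContinue |
            Get-NetFirewallPortFilter |
            Where-Object { $_.Protocol -eq 'TCP' } |
            ForEach-Object { $_.$prop })
        foreach ($port in $Ports) {
            $hit = @($specs | Where-Object { Test-PortCovered -Spec $_ -Port $port }).Count -gt 0
            [pscustomobject]@{
                Check     = "TCP $port $dir"
                Mitigated = $hit
                Detail    = if ($hit) { 'enabled block rule found' } else { 'no explicit block rule' }
            }
        }
    }
}

Get-WebClientStatus
Get-SmbBlockStatus
```

A matching block rule may still be scoped to one profile, program or address, so review any rule this reports before relying on it.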

If you aren’t on XP, better start patching. If you are, well, it’s time to consider moving up in the world.

Full details available here (which I haven’t read yet):

Zero-day impacting all versions of Microsoft Windows – used in Russian cyber-espionage campaign targeting NATO, European Union, Telecommunications and Energy sectors
MS14-060 – which points to KB3000869 that doesn’t load at the time of this update.

I will update when I know more.

10/14/14 1:54 PM – Updated with latest info from MS.
