As part of its monthly security update, Microsoft issued eight security bulletins on Tuesday that address two dozen vulnerabilities, including a zero-day vulnerability reportedly exploited by Russian hackers to attack NATO computers as part of the “Sandworm” cyberattack.
According to FireEye security researchers, they identified two of the three so-called zero-day bugs that are being actively exploited in the wild by attackers and are also being used as “part of limited, targeted attacks against some major corporations.”
Microsoft's October 2014 Patch Tuesday updates address multiple vulnerabilities in all currently supported versions of Microsoft Windows, Microsoft Internet Explorer, Microsoft Office, SharePoint Server and the .NET Framework. System administrators are advised to apply the critical updates immediately.
One of the security fixes addresses a zero-day flaw discovered by iSIGHT Partners (CVE-2014-4114), a remote code execution vulnerability in all supported versions of Microsoft Windows and Windows Server 2008 and 2012 that is being exploited in the “Sandworm” cyberattack. The flaw has been used as part of a five-year cyberespionage campaign, according to iSIGHT, but it is not known what kind of data has been lifted throughout the Sandworm attack.
“A vulnerability exists in [Windows OLE] which could allow remote code execution if a user opens an MS Office file that contains a specially crafted OLE object,” Microsoft warned in its bulletin. “An attacker who successfully exploited this bug could run with the same user rights as the current user.” (OLE is a Microsoft technology for creating complex documents that contain a combination of video, text, sound and other elements.)
The two zero-day vulnerabilities discovered by FireEye are fixed as part of MS14-058 and are marked as critical. They are assigned CVE-2014-4148 and CVE-2014-4113.
FireEye explained: “We have no evidence of these exploits being used by the same hackers. Instead, we have only observed each exploit being used separately, in unrelated hacking attacks.”
CVE-2014-4148 is a bug in TrueType Font (TTF) processing. TTF processing is performed in Windows kernel mode as part of the GDI and has been the source of critical vulnerabilities in the past as well.
The flaw affects Windows 7/Windows Server 2008 R2 (Service Pack 0 and 1), Windows 8.1/Windows Server 2012 R2, Windows 8/Windows Server 2012 and Windows XP Service Pack 3. Both 32-bit and 64-bit versions of the operating system are affected, but the attacks have only been observed against 32-bit operating systems.
CVE-2014-4113 is a local Elevation of Privilege (EoP) vulnerability that affects all versions of Microsoft Windows, including Windows 2000, XP, Vista, Windows 7, Windows 8.x, Windows Server 2003/R2, Windows Server 2008/R2 and Windows Server 2012/R2.
Of the remaining security bulletins, two are rated critical, as they address remote code execution flaws in Internet Explorer and the Microsoft .NET Framework respectively. The other bulletins are rated important in severity and cover a security feature bypass, elevation of privilege bugs, and a remote code execution flaw.