
Microsoft's October 2014 Patch Tuesday Fixes Actively Exploited Vulnerabilities

Microsoft patches 'Sandworm' malware campaign vulnerability. Five bulletins allow remote code execution. Oracle's Java update addresses 25 CVEs.


Microsoft's October 2014 Patch Tuesday has arrived, addressing a significant number of critical issues, including several actively exploited vulnerabilities. The updates include a fix for a 0-day Windows vulnerability used in the 'Sandworm' malware campaign, as well as patches for Internet Explorer and kernel-mode driver vulnerabilities.

Among the notable fixes is MS14-060, which addresses a vulnerability exploited by the 'Sandworm' malware campaign. This campaign is attributed to the Russian state-sponsored hacker group 'Sandworm', active for over five years. The patch sets User Account Control (UAC) to 'Always Prompt', mitigating the vulnerability's impact.

Five of the eight bulletins allow for remote code execution (RCE) attacks, a higher number than usual. In MS14-060, Microsoft is also addressing a 0-day vulnerability in Word (CVE-2014-4114) used in the 'Sandworm' campaign. Additionally, Adobe is releasing an update (APSB14-22) for Flash Player that addresses three RCE-type vulnerabilities; Flash is updated automatically for newer IE versions.

Oracle is releasing an update for Java addressing 25 CVEs, 22 of which are usable for RCE. The number of active attacks using these vulnerabilities is unknown. Meanwhile, Microsoft's updates focus mainly on desktop software, with several vulnerabilities actively exploited in the wild.

Microsoft's October 2014 Patch Tuesday addresses many critical issues, including several actively exploited vulnerabilities. System administrators have a busy day ahead, with additional updates from Oracle's Critical Patch Update (CPU) released as well. Users are advised to apply these updates promptly to protect against known exploits.
