All Posts

November 2014 Patch Tuesday

This month Microsoft is publishing 14 bulletins with new versions and patches for its software, operating systems and applications. This is one fewer bulletin than Microsoft had announced last week.

0-day in Microsoft OLE Packager/PowerPoint

Microsoft stated in Security Advisory 3010060 that it is aware of limited attacks against a new vulnerability in OLE Packager. The vulnerability, CVE-2014-6352, exists on all supported versions of Windows except Windows 2003. The attack allows for remote code execution. As a temporary solution, Microsoft has prepared a Fix-it in KB3010060. There are also instructions on how to configure EMET to block the attack.

OLE Packager was patched just this month in MS14-060. The vulnerability fixed there (CVE-2014-4114) was also under limited attack through PowerPoint, and Microsoft credited iSIGHT Partners for the find. The new CVE-2014-6352 has security researchers from Google and McAfee in its credits section. McAfee has a blog post that details how they detected the additional weaknesses in OLE Packager.

Stay tuned for more updates.