The October 2014 Patch Tuesday from Microsoft focuses mainly on desktop software such as Windows, Office, Word and IE, with attack vectors that target end users. Several of the vulnerabilities are being exploited by attackers in the wild and should be treated as especially urgent by enterprises and end users alike.

iSight Partners are reporting their research on a malware campaign that has been active for 5 years. They have dubbed the campaign “Sandworm” because of a number of Dune references in the Command and Control URLs. One iteration of the campaign, during the summer of 2014, used a 0-day vulnerability in Windows (CVE-2014-4114) triggered through a malicious PowerPoint file. Microsoft is addressing the flaw today in MS14-060.