Microsoft Patch Tuesday Brings Plenty-o-Patches And A Kill For That Nasty Sandworm

Brace yourself, Patch Tuesday is coming. This time around, Microsoft released a total of eight security bulletins, three of which are rated Critical and the other five listed as Important. Combined, these eight security updates patch 24 Common Vulnerabilities and Exposures (CVEs) in Windows, Office, .NET Framework, ASP.NET, and Internet Explorer.

Among the fixes is a patch for a vulnerability being exploited by the Sandworm Team, the name given to a group of Russian hackers who have been taking advantage of a particular zero-day security hole that's been shipping in all versions of Windows (save for Windows XP) for the past several years.

The fix in question is detailed in Microsoft Security Bulletin MS14-060.

"This bulletin fixes a vulnerability (CVE-2014-4114) that has been actively targeted in the wild and may lead to malicious programs being executed on victim machines. Using a UAC setting to ‘Always Prompt’ helps mitigate the impact of this vulnerability," Microsoft explains.

Two other zero-day flaws will be addressed by the forthcoming Patch Tuesday update, both of which were discovered by FireEye: a privilege escalation vulnerability that could lead to full access of the affected system, and one that's rated Critical and could allow remote code execution via a crafted TrueType font.