It was Patch Tuesday, and as usual Microsoft issued security bulletins: eight this time, addressing two dozen vulnerabilities, including a bug exploited by Russian hackers to target NATO computers, officials said.
Issued as part of its October edition of Patch Tuesday, the updates address vulnerabilities found in all currently supported versions of Windows, Internet Explorer, Office and the .NET Framework. Three of the bulletins are critical, meaning Microsoft recommends systems administrators apply the patches immediately.
Security researcher FireEye identified two of three Zero Day bugs used as “part of limited, targeted attacks against some major corporations.”
One of the patches addresses a remote code execution flaw, exploited in the “Sandworm” cyberattack, in all supported versions of Microsoft Windows and Windows Server 2008 and 2012. The exploit was part of a five-year cyberespionage campaign, according to security firm iSight.
A team of hackers previously launched campaigns targeting the U.S. and EU intelligence communities, military establishments, news organizations and defense contractors — as well as jihadists and rebels in Chechnya, iSight said. However, the focus turned toward the Ukrainian conflict with Russia, energy industries and political issues concerning Russia, based on evidence gleaned from phishing emails.
Microsoft rated the flaw as important rather than critical because it requires a user to open a Microsoft Office file to initiate the code execution.
“A vulnerability exists in Windows OLE that could allow remote code execution if a user opens a file that contains a specially crafted OLE object,” Microsoft said in its bulletin. “An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.”
Another Zero Day flaw addressed by the update is a privilege escalation vulnerability that “could lead to full access to the affected system,” Microsoft said in its bulletin.
A third Zero Day in Windows, rated as critical and patched, could allow remote code execution when a victim opens a document or visits a malicious website that contains embedded TrueType fonts.