October 2014 Patch Tuesday Fixes Sandworm Vulnerability

Three out of nine security bulletins in today’s Microsoft Patch Tuesday are marked as Critical, while the rest are tagged as Important. The patches address vulnerabilities found in Internet Explorer and Microsoft .NET Framework, as well as the zero-day vulnerability affecting Microsoft Windows. MS14-060 addresses the Sandworm zero-day vulnerability, which was discussed earlier in the week.

Based on our analysis, attackers may use this vulnerability to create and execute malware payloads, given that it is not too difficult to exploit. An attacker who knows the format can create their own PowerPoint exploit. Trend Micro detects the exploit as TROJ_MDLOAD.PGTY, and its payloads as INF_BLACKEN.A and BKDR_BLACKEN.A. Currently, it is believed that this zero-day was used in cyber attacks against European sectors and industries.

Another critical bulletin that users need to note is MS14-056, which fixes several vulnerabilities in Internet Explorer. Once successfully exploited, these could possibly lead to remote code execution. Similarly, MS14-057, another bulletin tagged as Critical, could lead to remote code execution when successfully exploited by remote attackers.

Adobe also released security updates today to address vulnerabilities affecting certain versions of ColdFusion and Adobe Flash Player. These are covered under the following CVEs:

  • CVE-2014-0558
  • CVE-2014-0564
  • CVE-2014-0569
  • CVE-2014-0570
  • CVE-2014-0571
  • CVE-2014-0572

We highly recommend that users patch their systems and update their Adobe products to the latest versions. The Sandworm zero-day highlights the importance of patching, as an unpatched vulnerability can be used by cybercriminals and threat actors to infiltrate the network and potentially steal confidential company data and other types of information.

Trend Micro Deep Security and OfficeScan with the Intrusion Defense Firewall (IDF) plugin protect user systems from threats that may leverage these vulnerabilities through the following DPI rules:

  • 1006267 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4126)
  • 1006268 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4127)
  • 1006269 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4128)
  • 1006270 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4129)
  • 1006271 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4130)
  • 1006282 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4132)
  • 1006274 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4133)
  • 1006279 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4134)
  • 1006273 – Microsoft Internet Explorer Memory Corruption Vulnerability (CVE-2014-4138)
  • 1006283 – Microsoft Word And Office Web Apps Remote Code Execution Vulnerability (CVE-2014-4117)
  • 1000552 – Generic Cross Site Scripting(XSS) Prevention
  • 1006290 – Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-4114)
  • 1006291 – Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-4114) – 1

Users may visit our Threat Encyclopedia page for more details on these security bulletins.

Post from: Trendlabs Security Intelligence Blog – by Trend Micro


Story added 15. October 2014, content source with full text you can find at link above.