Microsoft patches Sandworm vulnerability

The vulnerability allows for someone to remotely execute code on another's computer if a user opens a compromised file with a specially crafted OLE object

Victor Barreiro Jr.

@vbarreirojr

Published 3:07 PM, October 15, 2014

Updated 3:07 PM, October 15, 2014

MANILA, Philippines – Microsoft released a security update Tuesday, October 14, patching a zero-day vulnerability in Windows operating systems that could allow an attacker to gain access to Windows PCs.

The vulnerability, formally called CVE-2014-4114, allows for "remote code execution if a user opens a file that contains a specially crafted OLE object,” such as a compromised Powerpoint file.

Microsoft notes the following operating systems as being affected by Sandworm:

Windows Vista – Service Pack 2, including standard and x64 versions
Windows Server 2008 – Service Pack 2, including x32, x64 and Itanium-based versions
Windows 7 – Service Pack 1 for x32 and x64 versions
Windows Server 2008 R2 – Service Pack 1 for x64 and Itanium-Based versions
Windows 8 and 8.1 – includes 32-bit and x64 versions
Windows Server 2012
Windows Server 2012 R2
Windows RT and RT 8.1

Users of the following OS types should check for updates to their systems and patch accordingly. – Rappler.com

Microsoft patches Sandworm vulnerability

Victor Barreiro Jr.

Subscribe