A few days ago 14IE flows have been closed. In September the IT specialists warned that the Aurora Panda/DeputyDog actor has lost its IE 0day for being patched and that as found unusual. In October several other vulnerabilities have been abused with 0day exploits and the ART actors have been publicly noted. Thus, in the middle of October Microsoft had pushed eight bulletins MS14-056 through MS14-063, three of which being critical.
The recent vulnerabilities have two that seem most interesting. They are enabled by the functionality of Windows and are useful for phishing targets with different well-known data file attachments such as PowerPoint, Excel, Word, etc. The first two enumerated remind us on the Dugu attacks.
The OLE vulnerability patched MS14-060 was rated as important by Microsoft. The Sandworm team APT was deployed CVE-2014-4114 in different incidents against targets. This group was popular with the new BlackEnergy bot variants in different cyber-espionage campaigns that are attacking geopolitical and military targets. On one occasion, the team sent to the Ukrainian government and several US academic organizations spearphish in the form of a PowerPoint slide deck, that contained 0day OLE exploit. When this presentation opened, it brought different variants of the BlackEnergy to the systems of the victims. The characteristics of the BlackEnergy Trojans include modules and custom plugin and are dedicated to different cyber espionage tasks.
At the same time the Hurricane Panda team tried to exploit CVE-2014-4113 in targeted environments. This bug is also to be found in the Windows kernel code and is patched with the MS14-058 bulletin as well. The update of the Internet Explorer is focused on fourteen vulnerabilities, which are rated as critical for IE6 through IE11. Luckily, these vulnerabilities do not affect the Server Core installations.
In order to plug critical security holes in their products, Oracle, Microsoft ad Adobe has released updates. Adobe now offers patches for the software of Adobe Air and for its Flash Player. Oracle has a patch for fixing more than 35 Java flaws. As stated above, Microsoft released patches to fix two dozen vulnerabilities found in Internet Explorer, Office and .NET.
The Sandworm threat
The iSightPartners have also released research on the Sandworm threat, used by the hackers in Russia for cyber espionage campaigns. The Sandworm threat is one of the vulnerabilities being patched this week. This flaw seems to be present in each Windows supported version. Microsoft issued an advisory on the zero-day vulnerability, according to which the bug allows remote code execution in case the user opens a specially crafted malicious Microsoft Office document. The flaw has been used in special email attacks on various Western government organizations, Ukrainian government and NATO, as well as on attacks on the energy sector.
Most of the other vulnerabilities that have been fixed this month with patches concerned the Internet Explorer flaws. In addition, Adobe has issued its regular updates for its AIR and Flash Player products. These patches plugged at least three of the important security holes in the products, mentioned above.
Currently, Adobe pointed out that they are not aware of any active attacks against these vulnerabilities. Adobe offered Flash updates for Windows, Linux and Mac versions. The users of Adobe Flash Player desktop for Macintosh and Windows have to update to Adobe Flash Player 220.127.116.11. The users with IE10/IE11 on Windows 8.x and Chrome need to auto-update their Flash versions. The most up to date version of Flash is available from the home page of Flash. Yet the user should be on the alert for unwanted add-ons such as McAfee Security Scan. They should uncheck the box before the download process or should get OS-specific Flash download.
Those that are using Adobe AIR, should update this program. It has an auto-update function, which the user can update when they start the application. The newest version here is called v. 18.104.22.1683 and it is applied for Windows, Mac, and Android.
Oracle is also launched an update for its Java software, which corrects more than two dozens of software security flaws. The company confirms that 22 of the vulnerabilities mentioned could be exploited remotely without authentication. Those users who need Java for certain websites or various applications, should update their software. There are updates available at Java.com, as well as through the Java Control Panel. The update through the control panel may result in auto selection of third-party software. Java program is better to be removed altogether if there is no specific use for it as it has many security halls and is thus among the main targets of the malware criminals.
In case Java has to be used, then the user should unplug it from the main browser and consider a second browser where Java is plugged in for the sites that require Java. JavaRa is also recommended by the experts for removing older versions and upgrading.