JPCERT-AT-2014-0043 JPCERT/CC 2014-10-22 <<< JPCERT/CC Alert 2014-10-22 >>> Alert regarding unaddressed vulnerability in Microsoft OLE from October 2014 https://www.jpcert.or.jp/english/at/2014/at140043.html I. Overview Microsoft OLE contains an unaddressed vulnerability. As a result, a remote attacker may execute arbitrary code by forcing a user to open a specially crafted Microsoft Office file that contains an OLE object. Microsoft Security Advisory 3010060 Vulnerability in Microsoft OLE Could Allow Remote Code Execution https://technet.microsoft.com/en-us/library/security/3010060 According to Microsoft, targeted attacks leveraging this vulnerability have been observed. II. Affected Versions Affected products and versions are listed below. - Windows Vista Service Pack 2 - Windows Vista x64 Edition Service Pack 2 - Windows Server 2008 for 32-bit Systems Service Pack 2 - Windows Server 2008 for x64-based Systems Service Pack 2 - Windows Server 2008 for Itanium-based Systems Service Pack 2 - Windows 7 for 32-bit Systems Service Pack 1 - Windows 7 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for x64-based Systems Service Pack 1 - Windows Server 2008 R2 for Itanium-based Systems Service Pack 1 - Windows 8 for 32-bit Systems - Windows 8 for x64-based Systems - Windows 8.1 for 32-bit Systems - Windows 8.1 for x64-based Systems - Windows Server 2012 - Windows Server 2012 R2 - Windows RT - Windows RT 8.1 For more details, refer to the Microsoft Security Advisory (3010060). III. Solution As of October 22, 2014 (Japan time), Microsoft has not released a security program to address this vulnerability. They have released a "Microsoft Fix it" solution as a workaround. IV. Workaround Microsoft has released workarounds for this vulnerability. Until a security update program is released, consider applying one of the workarounds provided. Prior to applying a workaround, please test the effects that the workaround may have to other systems. - Apply Microsoft Fix it 51026 Vulnerability in Microsoft OLE could allow remote code execution https://support2.microsoft.com/kb/3010060/en - Add a setting to use the Attack Surface Reduction (ASR) function in the Enhanced Mitigation Experience Toolkit (EMET) Enhanced Mitigation Experience Toolkit https://technet.microsoft.com/en-us/security/jj653751 For details on each of the workarounds, refer to Microsoft Security Advisory (3010060). V. References Microsoft Microsoft Security Advisory 3010060 https://technet.microsoft.com/en-us/library/security/3010060 Microsoft Vulnerability in Microsoft OLE could allow remote code execution https://support2.microsoft.com/kb/3010060/en Microsoft Security Advisory 3010060 Annoucement "Remote code execution due to vulnerability in Microsoft OLE" http://blogs.technet.com/b/jpsecurity/archive/2014/10/22/advisory-3010060.aspx ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 https://www.jpcert.or.jp/english/