• United States



Senior Staff Writer

Microsoft’s monthly update fixes two Zero-Day vulnerabilities

Oct 14, 20142 mins
CybercrimeData and Information SecurityMalware

FireEye says that both Zero-Days are being exploited in the wild

Later today, as part of their monthly update, Microsoft will release nine bulletins, correcting problems in Internet Explorer, all of their currently supported operating systems, Office, Share Point Server, and .NET.

Three of these bulletins are rated critical, and according to FireEye, one of them will fix two Zero-Day vulnerabilities that are being actively exploited in the wild.

FireEye’s research team identified the two Zero-Day vulnerabilities after seeing them used in targeted attacks “against some major corporations.”

The victims were not named, but FireEye pointed out that each Zero-Day was being used separately in unrelated attacks.

CVE-2014-4148 is a flaw in Microsoft’s TrueType Font (TTF) processing subsystem. Attackers are using an Office document to deliver the malicious TTF, which when opened, enables kernel-mode access to the compromised host.

However, while Office documents are being used to deliver the TTF, the flaw itself does not reside in Office, this is an OS issue.

FireEye says that both the 32-bit and 64-bit versions of Windows are impacted by the TTF flaw, but so far the attacks are only targeting the 32-bit versions.

The malware delivered after successful exploitation has specific functions depending on the operating system version, including Windows 8 / 8.1; Windows Server 2012 / 2012 R2; Windows 7; Windows Server 2008 R2 (SP 0 and SP 1); and Windows XP SP3.

The other Zero-Day vulnerability is CVE-2014-4113, which is a local elevation of privilege vulnerability. This flaw has been observed in attacks against Windows Server 2003/R2 & 2008/R2, Windows 2000, Windows Vista, and Windows XP SP3.

“[This] vulnerability cannot be used, on its own, to compromise a customer’s security. An attacker would first need to gain access to a remote system running any of the above operating systems before they could execute code within the context of the Windows Kernel. Investigation by FireEye Labs has revealed evidence that attackers have likely used variations of these exploits for a while,” FireEye said in an emailed report on the flaws.

FireEye will be publishing further details later today on the vulnerabilities and how they’re being used by the attackers. Microsoft, in a statement on Monday, said that both flaws would be fixed later today in MS14-058.

“On October 14, 2014, Microsoft released MS14-058 to fully address these vulnerabilities and help protect customers. We appreciate FireEye Labs using Coordinated Vulnerability Disclosure to assist us in working toward a fix in a collaborative manner that helps keep customers safe.”