Ladies and gentlemen, for this National Cyber Security Awareness month, prepare yourself for a monster load of patches and restarts. Microsoft released nine Security Bulletins, but only eight security patches. Although there are five patches for remote code execution vulnerabilities, Microsoft rated only three of those as \u201cCritical.\u201d Since RCE-flavored vulnerabilities can allow an attacker to take control and execute code on your PC, it seems wise to patch all RCE bugs ASAP as if they were all rated Critical. Three of these RCE fixes are for zero-days being exploited in the wild.SandwormYou\u2019ll want to patch CVE-2014-4114 with MS14-060 as a vulnerability in the OLE package manager can be exploited to remotely execute arbitrary code in Microsoft Windows versions Vista SP2 to Windows 8.1 and in Server 2008 and 2012. iSight, working in \u201cclose collaboration with Microsoft\u201d\u2014since before September Patch Tuesday, has tracked and monitored the exploitation of the vulnerability in the wild. A Russian cyber-espionage campaign dubbed \u201cSandworm\u201d was used against targets including a U.S. academic organization, NATO, Ukrainian and Western European government organizations, European telecommunication firms and energy sector firms in Poland.iSight added:The vulnerability exists because Windows allows the OLE packager (packager .dll) to download and execute INF files. In the case of the observed exploit, specifically when handling Microsoft PowerPoint files, the packagers allows a Package OLE object to reference arbitrary external files, such as INF files, from untrusted sources.This will cause the referenced files to be downloaded in the case of INF files, to be executed with specific commands. An attacker can exploit this vulnerability to execute arbitrary code but will need a specifically crafted file and use social engineering methods (observed in this campaign) to convince a user to open it.Let that be a lesson to highlight one more reason never to use PowerPoint again\u2026.just kidding. However, patching the vulnerability is no joke.Despite the name, Sandworm \u201cis not a \u2018worm\u2019 in the sense of computer virus that can self-propagate.\u201d (It's a hat tip to killer worms in the movie Dune.) Ross Barrett, senior manager of security engineering at Rapid7, added, \u201cThe average system administrator or home users should not panic about Sandworm.\u2026This is a local file format exploit\u201d and \u201cnot a remote.\u201d Nevertheless, Microsoft\u2019s deployment chart shows it as an \u201cImportant\u201d fix for an RCE.3 Critical RCE vulnerability patchesMicrosoft\u2019s deployment schedule shows three zero-days, yet only two of those are rated Critical and suggested to be deployed first.MS14-056 closes 14 privately reported RCE bugs in Internet Explorer. It\u2019s listed as a top priority for deployment with an exploitability index of zero meaning it\u2019s in the wild. It\u2019s rated Critical for IE 6 \u2013 11 on Windows clients and moderate for IE 6 \u2013 11 on Windows Servers 2008 and 2012.MS14-058 fixes two privately reported RCE flaws in Microsoft Windows kernel-mode driver. It is rated as Critical and affects all supported versions of Windows. It is the second zero-day Microsoft patched this month.MS14-057 resolves three privately reported RCE vulnerabilities in Microsoft\u2019s .Net framework. Rated Critical, it has an exploitability index of one.5 patches for vulnerabilities rated as ImportantThe two RCE fixes rated as Important are MS14-060 and MS14-061. MS14-060 addresses the zero-day OLE \u201cSandworm\u201d vulnerability revealed by iSight. MS14-061 patches one privately reported flaw in Microsoft Office, specifically \u201cMicrosoft Word 2007, Microsoft Office 2007, Microsoft Word 2010, Microsoft Office 2010, Microsoft Office for Mac 2011, Microsoft Office Compatibility Pack, Word Automation Services, and Microsoft Office Web Apps Server 2010.\u201d Microsoft recommends deploying these two patches second.MS14-062 and MS14-063 are the fixes for elevation of privilege flaws. MS14-062 addresses a publicly disclosed hole in Microsoft Windows Message Queuing Service and is rated as \u201cImportant\u201d with an exploitability index of one for all supported editions of Windows Server 2003. \u201cSuccessful exploitation of this vulnerability could lead to full access to the affected system.\u201dRated as Important for all supported editions of Windows Server 2003, Windows Vista, and Windows Server 2008, MS14-063 resolves one privately reported EoP bug \u201cin the way the Windows FASTFAT system driver interacts with FAT32 disk partitions.\u201d Microsoft rates it as a two on its exploitability index.MS14-059 fixes one publicly disclosed security feature bypass bug in ASP.NET MVC, specifically ASP.NET MVC 2, ASP.NET MVC 3, ASP.NET MVC 4, ASP.NET MVC 5, and APS.NET MVC 5.1. It\u2019s recommended as one of three patches to be deployed third, but is the only one this month with an exploit index of three.Microsoft \u201crevised Security Bulletin MS14-042: Vulnerability in Microsoft Service Bus Could Allow Denial of Service (2972621) and Security Advisory 2755801: Update for Vulnerabilities in Adobe Flash Player in Internet Explorer.\u201d Tracey Pretorius, Director of Microsoft's Response Communications, added:Microsoft also announced upcoming updates to the out-of-date ActiveX control blocking feature. Beginning November 11, 2014, the out-of-date ActiveX control blocking feature will automatically be expanded to block outdated versions of Silverlight, in addition to outdated versions of Java. It is also being expanded to support Internet Explorer 9 on Windows Vista SP2 and Windows Server 2008 SP2.You can grab Adobe\u2019s patch for Flash Player here and hotfixes for ColdFusion here. Adobe promised it will soon release a patch for the privacy hole in Digital Editions 4.But wait, there\u2019s more! Lucky you, Oracle rolled out its quarterly critical patch update which includes 155 security fixes \u201cacross \u2018hundreds\u2019 of Oracle products."After you\u2019ve protected all machines under your care from any nasty tricks, then it\u2019s time to treat yourself to chocolate and a beer (or whatever makes you happy). Happy patching!