Zero-day vulnerabilities discovered: 20
Privilege escalation
The vulnerability (CVE-2014-6324, a flaw in the Kerberos KDC's validation of PAC signatures) allows a remote authenticated attacker to obtain elevated privileges on the target domain. Exploited by Duqu 2.0.
The vulnerability was reported by Qualcomm Information Security & Risk Management team.
Software: Windows
Links:
https://technet.microsoft.com/library/security/MS14-068
https://blogs.technet.microsoft.com/srd/2014/11/18/additional-information-about-cve-2014-6324/
http://securityaffairs.co/wordpress/30320/security/microsoft-patch-kerberos-bug.html
https://www.symantec.com/security_response/vulnerability.jsp?bid=70958
https://www.netiq.com/communities/cool-solutions/detecting-windows-kerberos-implementation-elevation...
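Because the KDC accepted a forged PAC, exploitation of CVE-2014-6324 shows up in the logon events of the systems the forged ticket is presented to, which is what the detection write-up linked above is about. The following is an added example, not code from the original page or from any linked vendor, that triages Security event 4624 records for two indicators: an Account Domain field holding the lowercase FQDN instead of the NetBIOS domain name (the artefact Microsoft's SRD post on CVE-2014-6324 describes for tickets minted with the public exploit tooling), and a Security ID that does not match the SID the directory holds for that account name. The records, the directory snapshot and the SIDs are all constructed for the example; a real deployment would feed parsed event logs and resolve names against Active Directory.

```python
"""Triage of Windows Security 4624 logon records for an MS14-068 / CVE-2014-6324
style forged-PAC logon. Added example; all records and SIDs are constructed."""
from dataclasses import dataclass


@dataclass
class Finding:
    index: int      # position of the record in the input list
    account: str    # NETBIOS\user as named by the event
    reasons: list   # indicators that fired, in plain text


def triage_kerberos_logons(events, directory_sids, netbios_domain, domain_fqdn):
    """Return a Finding for each Kerberos 4624 record that trips an indicator.

    Indicator 1: Account Domain carries the FQDN (contoso.com) instead of the
    NetBIOS name (CONTOSO); tickets minted by the public exploit tooling leave
    this artefact, as described in Microsoft's SRD post on CVE-2014-6324.
    Indicator 2: the Security ID on the record differs from the SID the
    directory holds for that account name (directory_sids stands in for an
    AD lookup in this example).
    """
    findings = []
    for i, ev in enumerate(events):
        if ev.get("EventID") != 4624:
            continue
        if ev.get("AuthenticationPackage", "").lower() != "kerberos":
            continue
        reasons = []
        domain = ev.get("AccountDomain", "")
        if domain.lower() == domain_fqdn.lower():
            reasons.append("AccountDomain is the FQDN %r, expected %r"
                           % (domain, netbios_domain))
        account = "%s\\%s" % (netbios_domain, ev.get("AccountName", ""))
        expected = directory_sids.get(account)
        observed = ev.get("SecurityID", "")
        if expected is not None and observed != expected:
            reasons.append("SecurityID %s does not match directory SID %s"
                           % (observed, expected))
        if reasons:
            findings.append(Finding(i, account, reasons))
    return findings


# Constructed directory snapshot: not real SIDs.
DOMAIN_PREFIX = "S-1-5-21-1000000001-1000000002-1000000003"
DIRECTORY_SIDS = {
    "CONTOSO\\alice": DOMAIN_PREFIX + "-1105",
    "CONTOSO\\bob": DOMAIN_PREFIX + "-1106",
}

# Constructed 4624 records reduced to the fields the heuristics read.
SAMPLE_EVENTS = [
    # 0: ordinary network logon, nothing to report
    {"EventID": 4624, "AccountName": "alice", "AccountDomain": "CONTOSO",
     "SecurityID": DOMAIN_PREFIX + "-1105", "LogonType": 3,
     "AuthenticationPackage": "Kerberos"},
    # 1: same user, but the domain is the lowercase FQDN (indicator 1)
    {"EventID": 4624, "AccountName": "alice", "AccountDomain": "contoso.com",
     "SecurityID": DOMAIN_PREFIX + "-1105", "LogonType": 3,
     "AuthenticationPackage": "Kerberos"},
    # 2: bob's name arrives with the built-in Administrator RID 500 (indicator 2)
    {"EventID": 4624, "AccountName": "bob", "AccountDomain": "CONTOSO",
     "SecurityID": DOMAIN_PREFIX + "-500", "LogonType": 3,
     "AuthenticationPackage": "Kerberos"},
    # 3: NTLM logon; the KDC flaw does not apply, so the record is skipped
    {"EventID": 4624, "AccountName": "alice", "AccountDomain": "contoso.com",
     "SecurityID": DOMAIN_PREFIX + "-1105", "LogonType": 3,
     "AuthenticationPackage": "NTLM"},
]


def run_sample():
    return triage_kerberos_logons(SAMPLE_EVENTS, DIRECTORY_SIDS,
                                  "CONTOSO", "contoso.com")


if __name__ == "__main__":
    for f in run_sample():
        print("record %d (%s): %s" % (f.index, f.account, "; ".join(f.reasons)))
```

Both indicators are heuristics: a legitimate application can present a lowercase FQDN in rare cases, and the SID check is only as good as the directory snapshot it compares against, so findings are leads for an analyst rather than proof of exploitation. Running the same pass over 4672 ("special privileges assigned to new logon") records for accounts that should not hold them is the natural companion check.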
Privilege escalation
The vulnerability allows a local attacker to obtain elevated privileges on the target system. CVE-2014-4077 was used in a targeted attack in the wild to bypass the Adobe Reader sandbox via binary hijacking using a malicious DIC (IME dictionary) file.
Software: Windows
Code injection
The vulnerability allows a remote attacker to execute arbitrary code on the target system. Microsoft first received information about this vulnerability through coordinated vulnerability disclosure; the zero-day was initially found by James Forshaw of Google Project Zero and reported to McAfee.
The vulnerability (CVE-2014-6352) is a bypass of the patch for the OLE flaw publicly known as "Sandworm" and has been exploited, in attacks attributed to Chinese actors, against targets in Taiwan.
Software: Windows
Known/famous malware:
Trojan.Mdropper. (Symantec).
Links:
https://technet.microsoft.com/en-us/library/security/ms14-064
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-windows-hit-by-new-zero-day-att...
https://malwarelist.net/2014/10/22/cve-2014-6352-critical-vulnerability-in-microsoft-windows/
https://www.symantec.com/connect/blogs/attackers-circumvent-patch-windows-sandworm-vulnerability
http://www.theregister.co.uk/2014/10/22/powerpoint_attacks_exploit_ms_0day/
http://www.computerworld.com/article/2837084/microsoft-misses-windows-bug-hackers-slip-past-patch.ht...
https://nakedsecurity.sophos.com/2014/10/24/has-the-sandworm-exploit-burrowed-back/
http://www.eweek.com/security/microsoft-patches-33-vulnerabilities-in-november-patch-tuesday-update....
https://techtalk.gfi.com/the-lesson-of-sandworm-patched-but-not-protected/
Privilege escalation
The vulnerability allows a remote attacker to obtain elevated privileges on the target system. CrowdStrike first detected the attacks in spring 2014.
The zero-day reported by CrowdStrike was also reported by FireEye.
The issue was introduced on 07/27/2005.
The vulnerability was handled as a non-public zero-day exploit for at least 3366 days.
Exploited by Hurricane Panda.
Software: Microsoft Internet Explorer
Links:
https://blogs.technet.microsoft.com/srd/2014/10/14/assessing-risk-for-the-october-2014-security-upda...
https://technet.microsoft.com/library/security/ms14-056
https://blog.qualys.com/laws-of-vulnerabilities/2014/10/14/october-2014-patch-tuesday
https://www.symantec.com/security_response/vulnerability.jsp?bid=70326
http://www.darkreading.com/attacks-breaches/hurricane-panda-cyberspies-used-windows-zero-day-for-mon...
https://computerobz.wordpress.com/2014/10/22/october-2014-patch-tuesday-addresses-four-active-zero-d...
Improper input validation
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The vulnerability was heavily exploited by the advanced adversary group named HURRICANE PANDA.
Software: Windows
Links:
https://www.fireeye.com/blog/threat-research/2014/10/two-targeted-attacks-two-new-zero-days.html
https://technet.microsoft.com/en-us/library/security/ms14-058.aspx
http://security.stackexchange.com/questions/92164/the-way-vulnerabilities-like-cve-2014-4148-are-dis...
https://www.scmagazine.com/zero-day-attackers-exploit-windows-kernel-patch-tuesday-brings-fix/articl...
http://www.securityweek.com/multiple-patch-tuesday-vulnerabilities-under-attack
http://www.capitalcomputercentre.com/best-way-to-remove-s3traypd-exeexp-cve-2014-4148-exp-cve-2014-4...
Improper input validation
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The zero-day vulnerability was reportedly used in early September in campaigns against NATO, Ukrainian government organizations, a Western European government organization, energy sector firms (specifically in Poland), European telecommunications firms and United States academic organizations.
Files in the Sandworm exploit highlighted by iSIGHT Partners include a malicious executable from a known malware family, namely the BlackEnergy Trojan.
Software: Windows
Known/famous malware:
Dyreza Trojan.
Sandworm.
BlackEnergy Trojan.
Links:
https://technet.microsoft.com/en-us/library/security/ms14-060
http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-windows-zero-day-vulnerabi...
https://citizenlab.org/2015/06/targeted-attacks-against-tibetan-and-hong-kong-groups-exploiting-cve-...
http://security.stackexchange.com/questions/70894/windows-ole-vulnerability-cve-2014-4114-sandworm
http://thehackernews.com/2014/10/microsoft-windows-zero-day_13.html
https://www.cyphort.com/cve-2014-4114-sandworm-worm/
https://www.symantec.com/security_response/writeup.jsp?docid=2014-102322-3150-99
https://www.symantec.com/connect/blogs/sandworm-windows-zero-day-vulnerability-being-actively-exploi...
https://threatpost.com/dyreza-banker-trojan-attackers-exploiting-cve-2014-4114-windows-flaw/109071/
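The analyses linked above describe the CVE-2014-4114 documents as PowerPoint packages whose slide relationships point OLE objects at an attacker-controlled UNC share, from which the Packager object pulled an INF and a renamed executable. The scanner below is an added example, not code from the page or from any of the linked vendors, that opens an OOXML package, walks every `.rels` part and flags relationships that are marked External and are either of the oleObject type or aimed at a UNC or `file:` location regardless of type. The sample package, its relationship IDs and the 10.0.0.5 address are constructed for the example; the relationship namespace and type URIs are the standard OOXML ones.

```python
"""Scan an OOXML document (pptx/docx/xlsx) for OLE objects that reference an
external location, the pattern the CVE-2014-4114 ("Sandworm") PowerPoint
samples used. Added example; the sample document is constructed in memory."""
import io
import zipfile
import xml.etree.ElementTree as ET

REL_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
OLE_REL = ("http://schemas.openxmlformats.org/officeDocument/2006/"
           "relationships/oleObject")


def is_remote_target(target):
    """True for UNC paths and file: URLs, which have no business in a slide."""
    t = target.strip().lower()
    return t.startswith("\\\\") or t.startswith("file:") or t.startswith("//")


def find_external_ole(doc_bytes):
    """Return one finding per External relationship that is an oleObject or
    points at a UNC/file: location, whatever its declared type."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(doc_bytes)) as z:
        for name in z.namelist():
            if not name.endswith(".rels"):
                continue
            root = ET.fromstring(z.read(name))
            for rel in root.iter("{%s}Relationship" % REL_NS):
                if rel.get("TargetMode", "Internal") != "External":
                    continue
                rtype = rel.get("Type", "")
                target = rel.get("Target", "")
                if rtype == OLE_REL or is_remote_target(target):
                    findings.append({"part": name, "id": rel.get("Id"),
                                     "type": rtype.rsplit("/", 1)[-1],
                                     "target": target})
    return findings


def build_sample_pptx():
    """Constructed minimal package: one slide whose rels carry two external OLE
    links to a UNC path (the malicious pattern) and one ordinary hyperlink."""
    rels = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<Relationships xmlns="%s">'
        '<Relationship Id="rId1" Type="%s" '
        'Target="file:///\\\\10.0.0.5\\public\\slide1.gif" TargetMode="External"/>'
        '<Relationship Id="rId2" Type="%s" '
        'Target="file:///\\\\10.0.0.5\\public\\slides.inf" TargetMode="External"/>'
        '<Relationship Id="rId3" Type="http://schemas.openxmlformats.org/'
        'officeDocument/2006/relationships/hyperlink" '
        'Target="https://example.org/" TargetMode="External"/>'
        '</Relationships>' % (REL_NS, OLE_REL, OLE_REL)
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml",
                   '<?xml version="1.0" encoding="UTF-8"?><Types xmlns='
                   '"http://schemas.openxmlformats.org/package/2006/content-types"/>')
        z.writestr("ppt/slides/slide1.xml",
                   '<?xml version="1.0" encoding="UTF-8"?><p:sld xmlns:p='
                   '"http://schemas.openxmlformats.org/presentationml/2006/main"/>')
        z.writestr("ppt/slides/_rels/slide1.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    for f in find_external_ole(build_sample_pptx()):
        print("%s %s %s -> %s" % (f["part"], f["id"], f["type"], f["target"]))
```

The check is deliberately cheap enough to run on every Office attachment at a mail gateway: the ordinary `https://` hyperlink is left alone, while any OLE relationship that leaves the package, or any relationship of any type that resolves to a share, is reported with the part and relationship ID so an analyst can open the package and look at the referenced object.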
Privilege escalation
The vulnerability allows a local attacker to obtain elevated privileges on the target system. The vulnerability was apparently found and reported to Microsoft by both CrowdStrike and FireEye.
The vulnerability has been actively exploited in the wild for at least five months by the highly advanced adversary group named HURRICANE PANDA.
Software: Windows
Known/famous malware:
Nuclear Exploit Kit.
Links:
https://technet.microsoft.com/en-us/library/security/ms14-058
https://dl.packetstormsecurity.net/papers/attack/CVE-2014-4113.pdf
https://www.crowdstrike.com/blog/crowdstrike-discovers-use-64-bit-zero-day-privilege-escalation-expl...
https://www.fireeye.com/blog/threat-research/2014/10/two-targeted-attacks-two-new-zero-days.html
http://blog.trendmicro.com/trendlabs-security-intelligence/an-analysis-of-a-windows-kernel-mode-vuln...
http://securityaffairs.co/wordpress/29270/security/microsoft-fixes-3-zero-day.html
http://www.securityweek.com/multiple-patch-tuesday-vulnerabilities-under-attack
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-lab-exploiting-cve-2014-4113.pdf
Information disclosure
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. PoC code for this vulnerability was available since at least April 25, 2013.
Software: Microsoft Internet Explorer
Known/famous malware:
Exploit kits: Angler, Rig, Nuclear, Styx.
Links:
https://technet.microsoft.com/en-us/library/security/ms14-052.aspx
https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=70103
http://www.securityweek.com/microsoft-patches-internet-explorer-vulnerability-targeted-attackers
http://www.pcworld.com/article/2604688/internet-explorer-steals-the-patch-tuesday-spotlight-again.ht...
http://www.csoonline.com/article/2607297/data-protection/microsoft-patch-fixed-ie-flaw-used-against-...
https://securelist.com/blog/software/66474/microsoft-updates-september-2014-apt-loses-a-trick-remini...
https://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-evolution-of-...
https://labs.bromium.com/2014/09/16/pirates-of-the-internetz-the-curse-of-the-waterhole/
https://www.scmagazine.com/watering-hole-attack-targets-website-visitors-of-oil-and-gas-start-up/art...
http://www.scmagazineuk.com/rsa-2016-fingerprinting-the-latest-twist-used-for-malvertising-attacks/a...
Privilege escalation
The vulnerability allows a remote attacker to obtain elevated privileges on the target system.
Software: Microsoft Internet Explorer
Security bypass
The vulnerability allows a remote attacker to bypass security restrictions on the target system. The issue was introduced on 01/30/2007.
Software: Microsoft Office
Privilege escalation
The vulnerability (CVE-2014-1812, MS14-025) allows a remote authenticated attacker to obtain elevated privileges on the target system: Group Policy Preferences stored account passwords in SYSVOL XML files as a cpassword attribute encrypted with a published AES key, readable by any domain user.
Software: Windows
Links:
https://technet.microsoft.com/en-us/library/security/ms14-025
https://dirteam.com/sander/2014/05/23/security-thoughts-passwords-in-group-policy-preferences-cve-20...
https://www.tripwire.com/state-of-security/vulnerability-management/vert-alert-may-2014-microsoft-pa...
https://www.sophos.com/en-us/threat-center/threat-analyses/vulnerabilities/VET-000604.aspx
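The MS14-025 update stops Group Policy Preferences from writing new cpassword values but does not remove the ones already in SYSVOL, so the practical follow-up is an audit of the Policies tree. The script below is an added example, not code from the page or from Microsoft, that parses the six preference file types that can carry a cpassword attribute and reports every element that still has one, together with the account it applies to. The Groups.xml and ScheduledTasks.xml contents, the directory layout under the policy GUID, the placeholder ciphertext strings and the account names are constructed for the example; it only finds stored values and does not decrypt them.

```python
"""Audit Group Policy Preferences XML in SYSVOL for stored cpassword values
(MS14-025 / CVE-2014-1812). Added example; the XML below is constructed."""
import os
import tempfile
import xml.etree.ElementTree as ET

# Preference files that can carry a cpassword attribute.
GPP_FILES = {"Groups.xml", "Services.xml", "ScheduledTasks.xml",
             "DataSources.xml", "Printers.xml", "Drives.xml"}
# Attribute that names the account differs per preference type.
ACCOUNT_ATTRS = ("userName", "accountName", "runAs", "username")


def find_cpasswords(xml_text, source):
    """Return one dict per element whose <Properties> has a non-empty cpassword."""
    hits = []
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        props = elem.find("Properties")
        if props is None or not props.get("cpassword"):
            continue
        account = next((props.get(a) for a in ACCOUNT_ATTRS if props.get(a)), "")
        hits.append({"source": source, "element": elem.tag,
                     "name": elem.get("name", ""), "account": account,
                     "changed": elem.get("changed", ""),
                     "cpassword_length": len(props.get("cpassword"))})
    return hits


def audit_sysvol(policies_root):
    """Walk a Policies tree (e.g. \\\\contoso.com\\SYSVOL\\contoso.com\\Policies)
    and collect every stored cpassword; unparsable files are reported too."""
    hits = []
    for dirpath, _dirs, files in os.walk(policies_root):
        for fname in files:
            if fname not in GPP_FILES:
                continue
            path = os.path.join(dirpath, fname)
            try:
                with open(path, encoding="utf-8") as fh:
                    hits.extend(find_cpasswords(fh.read(), path))
            except ET.ParseError as exc:
                hits.append({"source": path, "element": "PARSE_ERROR",
                             "name": str(exc), "account": "", "changed": "",
                             "cpassword_length": 0})
    return hits


# Constructed Groups.xml: one preference still carries a cpassword, the other
# was re-saved after the password was cleared. The values are placeholders,
# not real GPP ciphertexts.
SAMPLE_GROUPS_XML = """<Groups>
  <User name="LocalAdmin" changed="2014-04-01 10:00:00">
    <Properties action="U" newName="" userName="LocalAdmin"
        cpassword="cOnstructedPlaceholderNotRealCiphertext0123456789AB"
        changeLogon="0" noChange="1" neverExpires="1" acctDisabled="0"/>
  </User>
  <User name="Helpdesk" changed="2014-06-01 09:30:00">
    <Properties action="U" newName="" userName="Helpdesk" cpassword=""
        changeLogon="0" noChange="1" neverExpires="1" acctDisabled="0"/>
  </User>
</Groups>"""

SAMPLE_TASKS_XML = """<ScheduledTasks>
  <Task name="Backup" changed="2014-03-15 08:00:00">
    <Properties action="C" runAs="CONTOSO\\svc-backup" appName="backup.exe"
        cpassword="cOnstructedPlaceholderNotRealCiphertext9876543210YZ"/>
  </Task>
</ScheduledTasks>"""


def demo_audit():
    """Write the constructed files into a throwaway Policies tree and audit it."""
    root = tempfile.mkdtemp(prefix="gpp-audit-")
    base = os.path.join(root, "{GUID}", "Machine", "Preferences")
    os.makedirs(os.path.join(base, "Groups"))
    os.makedirs(os.path.join(base, "ScheduledTasks"))
    with open(os.path.join(base, "Groups", "Groups.xml"), "w", encoding="utf-8") as fh:
        fh.write(SAMPLE_GROUPS_XML)
    with open(os.path.join(base, "ScheduledTasks", "ScheduledTasks.xml"), "w",
              encoding="utf-8") as fh:
        fh.write(SAMPLE_TASKS_XML)
    return audit_sysvol(root)


if __name__ == "__main__":
    for h in demo_audit():
        print(h)
```

Every hit is an account whose password must be treated as compromised and rotated, since the encryption key is public; the `changed` timestamp tells you how long the value has been exposed. Remove the offending preference items after rotation rather than just blanking the attribute, and re-run the audit against every domain's SYSVOL.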
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system. CVE-2014-1815 was reported to Microsoft by Clement Lecigne, a security engineer at Google's Swiss office.
The vulnerability was used in a phishing campaign that started on or about July 21, 2014 and primarily targeted the energy industry.
Software: Microsoft Internet Explorer
Links:
https://technet.microsoft.com/en-us/library/security/ms14-029
https://www.symantec.com/security_response/writeup.jsp?docid=2014-051503-4437-99
https://www.mysonicwall.com/sonicalert/searchresults.aspx?ev=article&id=721
http://researchcenter.paloaltonetworks.com/2014/07/beginning-end-use-free-exploitation/
http://blog.trendmicro.com/trendlabs-security-intelligence/may-2014-patch-tuesday-rolls-out-8-bullet...
http://www.securityweek.com/microsoft-adobe-patch-critical-security-vulnerabilities
Privilege escalation
The vulnerability allows a local attacker to obtain elevated privileges on the target system.
Software: Windows
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The in-the-wild exploit uses a heap-spray technique. Used in the Pawn Storm campaign and by other APT groups.
Software: Microsoft Internet Explorer
Links:
https://technet.microsoft.com/en-US/library/security/2963983
https://technet.microsoft.com/en-us/library/security/ms14-021.aspx
https://www.fireeye.com/blog/threat-research/2014/04/new-zero-day-exploit-targeting-internet-explore...
https://blog.fortinet.com/2014/05/27/a-technical-analysis-of-cve-2014-1776
https://www.symantec.com/connect/blogs/emerging-threat-microsoft-internet-explorer-zero-day-cve-2014...
https://support.norton.com/sp/en/us/home/current/solutions/v98738922_EndUserProfile_en_us
https://www.trustwave.com/Resources/SpiderLabs-Blog/Microsoft-Internet-Explorer-0-Day-(CVE-2014-1776...
https://www.cyphort.com/dig-deeper-ie-vulnerability-cve-2014-1776-exploit/
http://researchcenter.paloaltonetworks.com/2014/05/tale-3-vulnerabilities-cve-2014-1776-exploit-link...
http://blog.trendmicro.com/trendlabs-security-intelligence/internet-explorer-zero-day-hits-all-versi...
https://www.beyondtrust.com/blog/internet-explorer-0day-cve-2014-1776/
http://thehackernews.com/2014/04/new-zero-day-vulnerability-cve-2014.html
https://krebsonsecurity.com/tag/cve-2014-1776/
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system. Used in the Pawn Storm campaign and in attacks against government agencies in Taiwan.
Software: Microsoft Office
Known/famous malware:
Trojans such as Dridex and Dyreza, and ransomware such as CryptoLocker and TeslaCrypt.
Links:
https://technet.microsoft.com/en-us/library/security/2953095.aspx
https://technet.microsoft.com/en-us/library/security/ms14-017
https://securingtomorrow.mcafee.com/mcafee-labs/close-look-rtf-zero-day-attack-cve-2014-1761-shows-s...
https://community.hpe.com/t5/Security-Research/Technical-Analysis-of-CVE-2014-1761-RTF-Vulnerability...
https://www.trustwave.com/Resources/SpiderLabs-Blog/Microsoft-Word-RTF-0-Day-(CVE-2014-1761)/
http://stopmalvertising.com/malware-reports/a-closer-look-at-cve-2014-1761.html
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2014/june/extracting-the-payload-fr...
https://blog.cylance.com/infinity-vs-the-real-world-ms-word-vulnerability-cve-2014-1761
https://myonlinesecurity.co.uk/reswift-copy-word-doc-malware-cve-2014-1761-exploit/
https://www.symantec.com/connect/blogs/emerging-threat-microsoft-word-zero-day-cve-2014-1761-remote-...
https://avstrike.wordpress.com/2015/05/05/exploit-cve-2014-1761-gen-removal-guide-2/
http://www.securityweek.com/new-microsoft-word-zero-day-used-targeted-attacks
https://blog.yoocare.com/remove-exploit-cve-2014-1761-gen/
https://www.crowdstrike.com/blog/cve-2014-1761-alley-compromise/
http://arstechnica.com/security/2014/03/zero-day-vulnerability-in-microsoft-word-under-active-attack...
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system. On February 11, 2014, FireEye researchers identified a zero-day exploit targeting Internet Explorer 10.
The exploit was used in Operation SnowMan, which compromised the U.S. Veterans of Foreign Wars website.
Software: Microsoft Internet Explorer
Known/famous malware:
Elderwood exploit kit.
Links:
https://technet.microsoft.com/en-us/library/security/ms14-012.aspx
https://www.symantec.com/security_response/vulnerability.jsp?bid=66040
http://researchcenter.paloaltonetworks.com/2014/07/beginning-end-use-free-exploitation/
http://www.computerworld.com/article/2489451/malware-vulnerabilities/-elderwood--hackers-still-setti...
http://www.darkreading.com/researchers-recent-zero-day-attacks-linked-via-common-exploit-package/d/d...
https://ae.norton.com/security_response/print_writeup.jsp?docid=2014-031311-2821-99
https://hackermedicine.com/how-the-elderwood-platform-is-fueling-2014s-zero-day-attacks/
http://104.239.158.70/elderwood-attack-platform-linked-multiple-internet-explorer-zero-day-attacks-s...
http://www.cio.com/article/2376236/security0/-elderwood--hackers-continue-to-set-pace-for-zero-day-e...
https://www.symantec.com/connect/blogs/attackers-targeting-other-ie-zero-day-vulnerability-covered-m...
https://www.symantec.com/connect/blogs/operation-backdoor-cut-targeted-basketball-community-ie-zero-...
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The flaw was most likely introduced in August 2013. The vulnerability was reported to the vendor on 2014-02-04.
Private, fully functional exploit code existed long before the vendor released a security patch, which is why this vulnerability is counted as a zero-day.
Software: Microsoft Internet Explorer
Known/famous malware:
JS/Exploit.CVE-2014-0307.
Links:
https://technet.microsoft.com/library/security/ms14-012
https://www.symantec.com/security_response/vulnerability.jsp?bid=66032
http://ec2-75-101-158-109.compute-1.amazonaws.com/news/stories/33351-microsoft-internet-explorer-mem...
http://www.csoonline.com/article/2888040/cyber-attacks-espionage/the-top-software-exploit-of-2014-th...
http://www.techcentral.ie/top-exploit-2014-stuxnet-2010/
https://github.com/CCrashBandicot/helpful/blob/master/CVE-2014-0307.rb
Use-after-free error
The vulnerability allows a remote attacker to execute arbitrary code on the target system. The zero-day exploit was hosted on a compromised website associated with the U.S. military and was used in the wild as part of "Operation SnowMan".
Software: Microsoft Internet Explorer
Known/famous malware:
Trojan.Malscript
Trojan.Swifi.
Backdoor.Moudoor
Elderwood exploit kit.
Links:
https://technet.microsoft.com/library/security/2934088
https://www.fireeye.com/blog/threat-research/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2...
http://securityaffairs.co/wordpress/25002/hacking/elderwood-platform-still-active.html
https://technet.microsoft.com/en-us/library/security/ms14-012.aspx
https://www.symantec.com/connect/blogs/emerging-threat-ms-ie-10-zero-day-cve-2014-0322-use-after-fre...
https://labs.bromium.com/2014/02/25/dissecting-the-newest-ie10-0-day-exploit-cve-2014-0322/
http://thehackernews.com/2014/02/cve-2014-0322-internet-explorer-zero.html
https://blogs.forcepoint.com/security-labs/cyber-criminals-expand-use-cve-2014-0322-patch-tuesday
http://securityaffairs.co/wordpress/22224/cyber-crime/fireeye-watering-hole-attack.html
http://www.zdnet.com/article/new-internet-explorer-10-zero-day-exploit-targets-u-s-military/
http://www.eweek.com/blogs/security-watch/microsoft-ie-zero-day-exploited-in-the-wild.html
http://54.204.81.18/news/stories/269204-cyber-criminals-expand-use-of-cve-2014-0322-before-patch-tue...
ASLR bypass
The vulnerability allows a remote attacker to bypass security restrictions on the target system.
Software: Microsoft .NET Framework
Information disclosure
The vulnerability allows a remote attacker to obtain potentially sensitive information on the target system. Microsoft and FireEye first discussed this issue in November 2013.
Software: Microsoft XML Core Services