Microsoft Patches OLE Zero-Day Vulnerability

Posted by Soulskill on Tuesday November 11, 2014 @11:10AM from the putting-right-what-once-went-wrong dept.

msm1267 writes: Microsoft today released a patch for a zero-day vulnerability under active exploit in the wild. The vulnerability in OLE, or Microsoft Windows Object Linking and Embedding, enables a hacker to remotely execute code on an infected machine, and has been linked to attacks by the Sandworm APT group against government agencies and energy utilities. Microsoft also issued a massive Internet Explorer patch, but warned organizations that have deployed version 5.0 of its Enhanced Mitigation Experience Toolkit (EMET) to upgrade to version 5.1 before applying the IE patches. Version 5.1 resolves some compatibility issues, in addition to several mitigation enhancements.

2 of 37 comments (clear)

Min score:

Reason:

Sort:

Re:Good job MS by Anonymous Coward · 2014-11-11 11:24 · Score: 3, Funny

This anonymous guy is right, at least with Microsoft you're paying for top vulnerabilities versus with Linux, you just get the vulns which people half heartedly create... I know where my money is going!
Re:why is it red? by Anonymous Coward · 2014-11-11 15:01 · Score: 4, Funny

why is it red?
Comments are disabled to allow Microsoft time to assemble a team of Social Media Manglers (SMMs). Their job is to ensure discussion of yet another failure is framed so as to minimize the harm to their client's reputation.
It's part of Microsoft's TOS with the very dicey new Slashdot.