Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Patches OLE Zero-Day Vulnerability

Posted by Soulskill on from the putting-right-what-once-went-wrong dept.

msm1267 writes: Microsoft today released a patch for a zero-day vulnerability under active exploit in the wild. The vulnerability in OLE, or Microsoft Windows Object Linking and Embedding, enables a hacker to remotely execute code on an infected machine, and has been linked to attacks by the Sandworm APT group against government agencies and energy utilities. Microsoft also issued a massive Internet Explorer patch, but warned organizations that have deployed version 5.0 of its Enhanced Mitigation Experience Toolkit (EMET) to upgrade to version 5.1 before applying the IE patches. Version 5.1 resolves some compatibility issues, in addition to several mitigation enhancements.

2 of 37 comments (clear)

  1. Re:Is There A Fix for XP? by The+New+Guy+2.0 · · Score: 3, Insightful

    This is the knockout blow to XP... an announced unpatched flaw!

  2. Re:Good job MS by pushing-robot · · Score: 3, Insightful

    "Zero day" means the first exploit hasn't been spotted

    What?

    Microsoft announced the patch and the problem at the same time

    Did you even read the summary?

    --
    How can I believe you when you tell me what I don't want to hear?