Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Patches OLE Zero-Day Vulnerability

Posted by Soulskill on from the putting-right-what-once-went-wrong dept.

msm1267 writes: Microsoft today released a patch for a zero-day vulnerability under active exploit in the wild. The vulnerability in OLE, or Microsoft Windows Object Linking and Embedding, enables a hacker to remotely execute code on an infected machine, and has been linked to attacks by the Sandworm APT group against government agencies and energy utilities. Microsoft also issued a massive Internet Explorer patch, but warned organizations that have deployed version 5.0 of its Enhanced Mitigation Experience Toolkit (EMET) to upgrade to version 5.1 before applying the IE patches. Version 5.1 resolves some compatibility issues, in addition to several mitigation enhancements.

8 of 37 comments (clear)

  1. Re:Good job MS by Anonymous Coward · · Score: 3, Funny

    This anonymous guy is right, at least with Microsoft you're paying for top vulnerabilities versus with Linux, you just get the vulns which people half heartedly create... I know where my money is going!

  2. Happy Patch Tuesday everybody! by The+New+Guy+2.0 · · Score: 3, Interesting

    It's Patch Tuesday falling on Veteran's Day this year... so this may catch some IT staff sleeping. Everybody checking Slashdot at home who maintains one of these things... log in an apply the update!

  3. Re:Is There A Fix for XP? by The+New+Guy+2.0 · · Score: 3, Insightful

    This is the knockout blow to XP... an announced unpatched flaw!

  4. Re:Good job MS by pushing-robot · · Score: 3, Insightful

    "Zero day" means the first exploit hasn't been spotted

    What?

    Microsoft announced the patch and the problem at the same time

    Did you even read the summary?

    --
    How can I believe you when you tell me what I don't want to hear?
  5. Re:XP vulnerabilities are exaggerated. by The+New+Guy+2.0 · · Score: 3

    This amounts to "Don't run Office" on XP. If XP can't run IE or Office, better switch to the open source Firefox and OpenOffice... but if you're going to do that, why not bring in Linux?

  6. Re:why is it red? by Anonymous Coward · · Score: 4, Funny

    why is it red?

    Comments are disabled to allow Microsoft time to assemble a team of Social Media Manglers (SMMs). Their job is to ensure discussion of yet another failure is framed so as to minimize the harm to their client's reputation.

    It's part of Microsoft's TOS with the very dicey new Slashdot.

  7. Re:Good job MS by Bite+The+Pillow · · Score: 2

    In opposition, OLE has been a zero-day since at least two years after it was introduced.

    Anything using OLE, or any of the later labels for OLE, should have assumed that it, somehow, was infected.

    It could have been done securely, I assume, but I can't tell you how. I can say that every OLE book has told me, indirectly, how to fuck up a dude's 'puter.

  8. no dice, not zero day. by Gravis+Zero · · Score: 2

    this was a zero day vulnerability... THREE WEEKS AGO.

    --
    Anons need not reply. Questions end with a question mark.