|CERT-In Vulnerability Note
Remote Code Execution Vulnerability in Microsoft Windows OLE
Original Issue Date:October 15, 2014
Severity Rating: MEDIUM
- Windows Vista SP2
- Windows Vista x64 Edition SP2
- Windows Server 2008 for 32-bit Systems SP2 and x64-based Systems SP2
- Windows Server 2008 for Itanium-based Systems SP2
- Windows 7 for 32-bit Systems SP1 and x64-based Systems SP1
- Windows Server 2008 R2 for x64-based Systems SP1 and Itanium-based Systems SP1
- Windows 8 for 32-bit Systems and x64-based Systems
- Windows 8.1 for 32-bit Systems and x64-based Systems
- Windows Server 2012
- Windows Server 2012 R2
- Windows RT
- Windows RT 8.1
A vulnerability has been reported in Microsoft Windows Object Linking and Embedding (OLE), which could be exploited by a remote attacker to execute arbitrary code on the targeted system.
This vulnerability is caused due to improper handling of OLE objects by the affected software. A remote attacker could exploit this vulnerability by crafting a file containing OLE objects and tricking the user to open the same.
Successful exploitation could allow the attacker to execute arbitrary code on the targeted system with the privileges of the logged-in user.
- Disable the WebClient service
- Block TCP ports 139 and 445
- Block the launching of executables via Setup information files
Apply appropriate patches as mentioned in the Microsoft Security Bulletin
The information provided herein is on "as is" basis, without warranty of any kind.
Email: firstname.lastname@example.org Phone: +91-11-24368572
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
6, CGO Complex, Lodhi Road,
New Delhi - 110 003