OLE Archives

At this late date, you’d like to think that all the really nasty vulnerabilities in legacy Windows systems have been identified. Wishful thinking. On Tuesday, Microsoft issued a patch for a critical, remotely exploitable vulnerability affecting Windows systems going back to Windows 95, one of 14 software fixes the company released. The vulnerability in Microsoft’s OLE (Object Linking and Embedding) code is associated with CVE-2014-6332 and is already being used in targeted attacks online. It is among the most serious discovered in recent years, exposing Windows systems to remote attacks that can bypass Microsoft’s Enhanced Mitigation Experience Toolkit (EMET) and Enhanced Protected Mode sandbox in the Internet Explorer browser. The vulnerability was discovered six months ago and patched, officially, on Tuesday with MS14-064, which fixes a related OLE vulnerability, CVE-2014-6352). Microsoft has also released a stop-gap tool that customers can use in lieu of the full patch. Microsoft has also issued an […]

OLE

Microsoft Fixes 18 Year-Old Windows Hole Used In Attacks

Recent Posts

Episode 257: Securing Software on Wheels with Dennis Kengo Oka of Synopsys

Malicious Python Packages Target Crypto Wallet Recovery Passwords

Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity

China Calls Out U.S. For Hacking. The Proof? TBD!

Episode 255: EDM, Meet CDM – Cyber Dance Music with Niels Provos

Subscribe to Podcast

OLE