Vulnerabilities in Windows OLE Could Allow Remote Code Execution (MS14-064)

ITS Advisory Number: 2014-094
Date(s) Issued: Tuesday, November 11, 2014
Subject: Vulnerabilities in Windows OLE Could Allow Remote Code Execution (MS14-064)
Overview: 

Multiple vulnerabilities have been discovered in Microsoft Windows Object Linking and Embedding (OLE) that could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited the vulnerabilities could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

Systems Affected: 
  • Windows Server 2003
  • Windows Vista
  • Windows Server 2008
  • Windows 7
  • Windows Server 2008 R2
  • Windows 8 and Windows 8.1
  • Windows Server 2012 and Windows Server 2012 R2
  • Windows RT and Windows RT 8.1
  • Server Core installation option
RISK
GOVERNMENT
  • Large and medium government entities: High
  • Small government entities: High
BUSINESS
  • Large and medium business entities: High
  • Small business entities: High
Home Users: High
Description: 

Multiple vulnerabilities have been discovered in Microsoft Windows Object Linking and Embedding (OLE) that could allow an attacker to take complete control of an affected system. The details of these vulnerabilities are as follows:

  • An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. - CVE-2014-6332
  • A remote code execution vulnerability exists in the context of the current user that is caused when a user downloads, or receives, and then opens a specially crafted Microsoft Office file that contains OLE objects. - CVE-2014-6352
Actions: 

We recommend the following actions be taken:

  • Apply the Microsoft Fix it solution, "OLE packager Shim Workaround", that prevents exploitation of the vulnerability.
  • Do not open Microsoft PowerPoint files, or other files, from untrusted sources.
  • Apply the principle of Least Privilege to all services.
  • Deploy the Enhanced Mitigation Experience Toolkit 5.0 and configure Attack Surface Reduction.
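
As a triage aid for files from untrusted sources, the following added example (not part of the original advisory) lists the parts of an Office Open XML file that carry embedded OLE objects, so the file can be reviewed before it is opened. The names find_embedded_ole and build_sample and the sample packages are constructed for illustration; an embedded OLE object is not by itself malicious.

```python
import io
import zipfile

# Signature that starts every OLE2 / Compound File Binary stream.
OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")


def find_embedded_ole(data: bytes) -> list:
    """Return the package parts of an Office file that carry OLE objects."""
    if data[:8] == OLE_MAGIC:
        # Legacy .doc/.ppt/.xls (and encrypted OOXML) are OLE containers
        # themselves; they need a compound-file parser, so flag the whole file.
        return ["<whole file is an OLE compound file>"]
    try:
        package = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return []  # not an OOXML package
    hits = []
    with package:
        for info in package.infolist():
            if info.is_dir():
                continue
            try:
                with package.open(info) as part:
                    head = part.read(8)
            except (RuntimeError, zipfile.BadZipFile, NotImplementedError):
                head = b""  # unreadable part: fall back to the name check
            in_embeddings = "/embeddings/" in "/" + info.filename.lower()
            if head == OLE_MAGIC or in_embeddings:
                hits.append(info.filename)
    return hits


def build_sample(with_ole: bool) -> bytes:
    """Constructed sample: a minimal .pptx-like package, not a real deck."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("ppt/slides/slide1.xml", "<sld/>")
        if with_ole:
            z.writestr("ppt/embeddings/oleObject1.bin", OLE_MAGIC + b"\0" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for label, sample in (("clean", build_sample(False)), ("ole", build_sample(True))):
        print(label, find_embedded_ole(sample))
```

Parts are flagged either by the compound-file signature or by sitting in an embeddings folder, so a renamed OLE part is still reported.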