Another security vulnerability is in the news today. This time it’s dramatically called “SandWorm,” an allusion to a creature in the film DUNE. It’s an attack based on a Windows vulnerability that has been used by Russian based hackers to attack NATO, EU, Telecommunications and Energy related computer networks for digital espionage. The security firm iSightPartners identified this threat and worked with Microsoft on the security vulnerability.
Microsoft is releasing this patch as part of October’s “Patch Tuesday” release. Community IT will be deploying this patch to our early adoption group this week and then doing a broader deployment once we’ve confirmed that there are not any adverse effects of the new patches.
For an overview see: http://arstechnica.com/security/2014/10/suspected-russian-sandworm-cyber-spies-targeted-nato-ukraine/
More technical details can be found here: http://www.isightpartners.com/2014/10/cve-2014-4114/