Hmmm....I don't wear a security hat any more, so probably glad I don't have to sit and pass judgement on its seriousness or scope! :-)
On 14 October 2014 19:16, Andrew S. Baker <[email protected]> wrote: > I'd say that it is, because it is active, and because you only need to > receive the document in some fashion (probably some level of previewing it). > > > > > > > *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> > *Providing Virtual CIO Services (IT Operations & Information Security) for > the SMB market…* > > > > On Tue, Oct 14, 2014 at 1:03 PM, James Rankin <[email protected]> > wrote: > >> Is it really that exciting? It's not like it's a worm that requires no >> interaction (it's just named after a worm), and it is generally exploited >> thru weaponized documents. Its made it into the media through various >> factors (like the NATO bit), but it's not really any different to the >> remote code execution vulns admins patch against every month, IMO. >> >> YMMV, etc. >> >> On 14 October 2014 17:58, Andrew S. Baker <[email protected]> wrote: >> >>> There's a zero-day Windows patch that is part of today's fix. You'll >>> want to prioritize that... >>> >>> >>> http://www.isightpartners.com/2014/10/cve-2014-4114/ >>> >>> https://technet.microsoft.com/library/security/ms14-oct >>> >>> >>> >>> >>> *ASB **http://XeeMe.com/AndrewBaker* <http://xeeme.com/AndrewBaker> >>> *Providing Virtual CIO Services (IT Operations & Information Security) >>> for the SMB market…* >>> >>> >>> >> >> >> -- >> *James Rankin* >> --------------------- >> RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization >> Practice Analyst - Desktop Virtualization >> http://appsensebigot.blogspot.co.uk >> > > -- *James Rankin* --------------------- RCL - Senior Technical Consultant (ACA, CCA, MCTS) | The Virtualization Practice Analyst - Desktop Virtualization http://appsensebigot.blogspot.co.uk
