MS.Windows.OLE.Remote.Code.Execution.MS14-060

description-logoDescription

Windows Object Linking and Embedding (OLE) is a technology developed by Microsoft to allow linking and embedding with documents and objects.
The vulnerability could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object. An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user. If the current user is logged on with administrative user rights, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights

affected-products-logoAffected Products

Windows Server 2008
Windows Server 2008 R2
Windows Server 2012 and Windows Server 2012 R2
Windows Vista Service Pack 2
Windows 7
Windows 8 and Windows 8.1
Windows RT and Windows RT 8.1

Impact logoImpact

The vulnerable system can be compromised by a remote attacker to retrieve content or modify application setting on the system. Therefore there is a risk of creating a denial of service scenario, exposing sensitive information or executing arbitrary code.

recomended-action-logoRecommended Actions

Please download and apply patches as instructed in https://technet.microsoft.com/library/security/ms14-060.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)