Microsoft is making a patch for this vulnerability available as part of patch updates on the 14th – CVE-2014-4114.
Exploitation of this vulnerability was discovered in the wild in connection with a cyber-espionage campaign that iSIGHT Partners attributes to Russia.
Visibility into this campaign indicates targeting across the following domains. It is critical to note that visibility is limited and that there is a potential for broader targeting from this group (and potentially other threat actors) using this zero-day.
- Ukrainian government organizations
- Western European government organization
- Energy Sector firms (specifically in Poland)
- European telecommunications firms
- United States academic organization
- See more at: http://www.isightpartners.com/2014/10/cve-2014-4114/#sthash.n43KudAG.dpuf