On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012.
Microsoft is making a patch for this vulnerability available as part of patch updates on the 14th – CVE-2014-4114.
Exploitation of this vulnerability was discovered in the wild in connection with a cyber-espionage campaign that iSIGHT Partners attributes to Russia.
This is making the rounds in the news, which isn't surprising given the potential source as well as the targets, but should you as an end user be worried about this? Probably not, in most cases. The exploit hasn't been released into the wild, which means that you'd need to be a target of a very specific group of people to be hit by this. You should, of course, still proceed with caution until tomorrow's Windows Update, which will fix this vulnerability.