Sandworm Vulnerability Requires Another Fix from Microsoft


Hackers have bypassed Microsoft’s security patch to address the Sandworm vulnerability in Windows resulting in the company issuing another advisory and warning users of the new threat.


The vulnerability could allow remote code execution if a user opens a specially crafted Microsoft Office file that contains an OLE object. An attacker who successfully exploited the vulnerability could gain the same user rights as the current user. Customers whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights. The attack requires user interaction to succeed on Windows clients with a default configuration, as User Account Control (UAC) is enabled and a consent prompt is displayed.


This affects all supported releases of Microsoft Windows, excluding Windows Server 2003:


  • Microsoft recommends users apply the Microsoft Fix it solution, “OLE packager Shim Workaround”.
  • Microsoft recommends to not open Microsoft PowerPoint files, or other files, from untrusted sources.
  • Microsoft recommends User Account Control (UAC) be enabled.
  • Microsoft recommends the Enhanced Mitigation Experience Toolkit 5.0 be deployed and the Attack Surface Reduction be configured.

Find details at Microsoft Knowledge Base Article 3010060.