On Tuesday, October 14, 2014, iSIGHT Partners and Microsoft announced a Zero-Day vulnerability named “Sandworm” found in all versions of Microsoft Windows and Windows Server 2008 and 2012.
The vulnerability has been exploited in a small number of cyberespionage attacks against NATO, energy companies, a US academic organization and many others. Microsoft has since created a patch and released it as one of their security updates (CVE-2014-4114.).
The status for Codero customers:
Managed Services: Your servers have been or are currently being patched against this vulnerability. Continue to be vigilant when receiving attachments from unknown email addresses.
Self managed: If you have enabled automatic updating, the Microsoft security update will be downloaded and installed automatically. If you have not, it is critical that you run the security update from Microsoft, as well as all other important security updates through the Windows Updater immediately.
Again, if you are not a Codero Managed Services customer and do not have automatic updating enabled, we strongly recommend you patch your Windows servers as soon as possible. Should you require assistance, please contact our support technicians. We are always available 24x7x365 to help.