Today is the October Microsoft Patch Tuesday, and it addresses eight separate bulletins. Three bulletins are rated Critical and five are rated Important. Surprising no one, Internet Explorer is back with another Critical bulletin patching fourteen separate vulnerabilities. The spotlight of this release is MS14-060 (CVE-2014-4114). This 0-day vulnerability in the OLE package manager is being actively exploited in the wild in a campaign dubbed Sandworm. More details about it below.
The other vulnerabilities involve another bug in the Windows Kernel Mode Driver. The last fix for KMD back in August was pulled and re-released due to issues causing a blue screen on certain installations. Hopefully similar issues won't be seen this month. Another interesting vulnerability this month is in the Windows FAT32 driver. Although physical access is required to exploit the vulnerability, exploitation would result in arbitrary code execution with elevated privilege.