During the last few days researchers at McAfee Labs have been actively investigating Sandworm, the Windows packager zero-day attack (CVE-2014-4114). McAfee has already released various updates through our products to protect our customers, and we continue to analyze this attack.
During our investigation, we found that the Microsoft’s official patch (MS14-060, KB3000869) is not robust enough. In other words, attackers might still be able to exploit the vulnerability even after the patch is applied. Users who have installed the official patch are still at risk.
more here...........http://blogs.mcafee.com/mcafee-labs/new-exploit-sandworm-zero-day-bypass-official-patch
During our investigation, we found that the Microsoft’s official patch (MS14-060, KB3000869) is not robust enough. In other words, attackers might still be able to exploit the vulnerability even after the patch is applied. Users who have installed the official patch are still at risk.
more here...........http://blogs.mcafee.com/mcafee-labs/new-exploit-sandworm-zero-day-bypass-official-patch