Recently two 0-day exploits were revealed. The first one was given the name Sandworm, however the name convention was mistakenly including the “worm” term as we will see. The second one CVE-2014-4113 is a privilege escalation local exploit for Windows.
more here..........http://labs.jumpsec.com/2014/11/10/playing-ms14-060-ms14-058-cve-2014-4113-cve-2014-4114-attacks-defenses/
more here..........http://labs.jumpsec.com/2014/11/10/playing-ms14-060-ms14-058-cve-2014-4113-cve-2014-4114-attacks-defenses/