Microsoft patches zero-day used to install police spyware

By

.NET framework flaw exploited.

Microsoft's regular Patch Wednesday round of security updates for Windows has closed a bug that left computers open to malware installed by law enforcement agencies.

Microsoft patches zero-day used to install police spyware

The flaw, CVE-2017-8759, affects the .NET programming framework and allows for remote code execution.

Security vendor FireEye said the vulnerability had been used to target Russian Windows users through a malicious Microsoft Office document in rich text format (RTF) in July this year.

The vulnerability would attempt to install Gamma Group's FinSpy or FinFisher law enforcement spyware, FireEye said.

The security company did not disclose which law enforcement agency had deployed FinSpy.

It noted that the zero-day vulnerability used to install the malware is the second such flaw found this year. 

FireEye believes the exploits, sold to law enforcement agencies, are also reaching financially motivated attackers.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Microsoft offers to boost European governments' cyber security for free

Microsoft offers to boost European governments' cyber security for free

Log In

  |  Forgot your password?