Microsoft patches zero-day used to install police spyware

By

.NET framework flaw exploited.

Microsoft's regular Patch Wednesday round of security updates for Windows has closed a bug that left computers open to malware installed by law enforcement agencies.

Microsoft patches zero-day used to install police spyware

The flaw, CVE-2017-8759, affects the .NET programming framework and allows for remote code execution.

Security vendor FireEye said the vulnerability had been used to target Russian Windows users through a malicious Microsoft Office document in rich text format (RTF) in July this year.

The vulnerability would attempt to install Gamma Group's FinSpy or FinFisher law enforcement spyware, FireEye said.

The security company did not disclose which law enforcement agency had deployed FinSpy.

It noted that the zero-day vulnerability used to install the malware is the second such flaw found this year. 

FireEye believes the exploits, sold to law enforcement agencies, are also reaching financially motivated attackers.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?