Latest News

CBA turns to machine learning to combat abusive messaging

NSW DCS to use ServiceNow as cluster-wide corporate services tool

Britain to front-run capital rules on crypto if need be, says BoE

EU wants USB-C charging port to become standard for all devices

NBN RSPs again ask NBN Co chief, Comms Minister for relief

Microsoft patches zero-day used to install police spyware

By Juha Saarinen on Sep 13, 2017 10:35AM

Microsoft patches zero-day used to install police spyware

.NET framework flaw exploited.

Microsoft's regular Patch Wednesday round of security updates for Windows has closed a bug that left computers open to malware installed by law enforcement agencies.

The flaw, CVE-2017-8759, affects the .NET programming framework and allows for remote code execution.

Security vendor FireEye said the vulnerability had been used to target Russian Windows users through a malicious Microsoft Office document in rich text format (RTF) in July this year.

The vulnerability would attempt to install Gamma Group's FinSpy or FinFisher law enforcement spyware, FireEye said.

The security company did not disclose which law enforcement agency had deployed FinSpy.

It noted that the zero-day vulnerability used to install the malware is the second such flaw found this year.

FireEye believes the exploits, sold to law enforcement agencies, are also reaching financially motivated attackers.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © iTnews.com.au . All rights reserved.

Tags:

0day finspy infosec microsoft security windows

Partner Content

The hybrid work business opportunity

Partner Content The hybrid work business opportunity

Why encryption is the key to digital fitness, according to Thales

Partner Content Why encryption is the key to digital fitness, according to Thales

Digital inefficiency continues to hinder productivity

Partner Content Digital inefficiency continues to hinder productivity

Communication critical to CSV digital transformation, says PwC

Partner Content Communication critical to CSV digital transformation, says PwC

Sponsored Whitepapers

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM

Tomago Aluminium improves SAP environment performance, security with Red Hat and IBM

Future of work: Support your distributed HR workforce with digital document processes

Future of work: Support your distributed HR workforce with digital document processes

Develop a resiliency strategy that integrates risk analysis & continuity management

Develop a resiliency strategy that integrates risk analysis & continuity management

IBM Maximo: Manage any asset, anytime, any place with mobile EAM

IBM Maximo: Manage any asset, anytime, any place with mobile EAM

Optimise your operations with APM and AI-Powered insights

Optimise your operations with APM and AI-Powered insights

Events

How a FinTech can maintain agility while addressing Non-Functional requirements and ensuring compliance

Most Read Articles

Westpac loses its group head of data and advanced analytics

Westpac loses its group head of data and advanced analytics

Telstra-led consortium to build out NSW's digital twin

Telstra-led consortium to build out NSW's digital twin

Westpac replaces branch phone systems with iPhones, Teams Calling

Westpac replaces branch phone systems with iPhones, Teams Calling

Adobe scores $32m myGov software deal

Adobe scores $32m myGov software deal

Most popular tech stories