Microsoft's regular Patch Wednesday round of security updates for Windows has closed a bug that left computers open to malware installed by law enforcement agencies.
The flaw, CVE-2017-8759, affects the .NET programming framework and allows for remote code execution.
Security vendor FireEye said the vulnerability had been used to target Russian Windows users through a malicious Microsoft Office document in rich text format (RTF) in July this year.
The vulnerability would attempt to install Gamma Group's FinSpy or FinFisher law enforcement spyware, FireEye said.
The security company did not disclose which law enforcement agency had deployed FinSpy.
It noted that the zero-day vulnerability used to install the malware is the second such flaw found this year.
FireEye believes the exploits, sold to law enforcement agencies, are also reaching financially motivated attackers.