DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
July 19, 2018 
Main Menu
News archives

Who's Online
There are currently 171 people online.


Latest Reviews
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller

Follow us

Microsoft patches 0-day in Windows that was used to install malware

Posted on Wednesday, September 13 2017 @ 10:55:01 CEST by

MS logo
Yesterday's round of Patch Tuesday fixes from Microsoft included an update for a zero-day security vulnerability in Windows that was actively exploited by "an undisclosed nation" to install spyware on vulnerable PCs.

ARS Technica reports the exploit spread via a Microsoft Word document and abused a flaw in Microsoft's .Net framework to install the Finspy malware. Interestingly, this malware is developed by a British company and is sold to governments around the world:
Microsoft Word 0-day was actively exploited by strange bedfellows The exploit, according to a blog post published Tuesday by security firm FireEye, was embedded in a Microsoft Word document. Once opened, the document exploited a zero-day vulnerability in Microsoft's .Net framework. The exploit caused the targeted computer to install Finspy (sometimes "FinSpy"), a family of surveillance software that its controversial developer, UK-based Gamma Group, sells to governments throughout the world. Tuesday's blog post said the document might have been used to infect an unnamed "Russian speaker." The vulnerability, indexed as CVE-2017-8759, comes five months after FireEye disclosed a different zero-day being used to distribute Finspy.

"These exposures demonstrate the significant resources available to 'lawful intercept' companies and their customers," FireEye researchers wrote. "Furthermore, Finspy has been sold to multiple clients, suggesting the vulnerability was being used against other targets."
Besides this 0-day .NET vulnerability, Microsoft also fixed over 80 other bugs on this month's Patch Tuesday.



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2018 DM Media Group bvba