DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
September 23, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 66 people online.

 

Latest Reviews
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
 

Follow us
RSS
 

Microsoft patches 0-day in Windows that was used to install malware

Posted on Wednesday, September 13 2017 @ 10:55:01 CEST by


MS logo
Yesterday's round of Patch Tuesday fixes from Microsoft included an update for a zero-day security vulnerability in Windows that was actively exploited by "an undisclosed nation" to install spyware on vulnerable PCs.

ARS Technica reports the exploit spread via a Microsoft Word document and abused a flaw in Microsoft's .Net framework to install the Finspy malware. Interestingly, this malware is developed by a British company and is sold to governments around the world:
Microsoft Word 0-day was actively exploited by strange bedfellows The exploit, according to a blog post published Tuesday by security firm FireEye, was embedded in a Microsoft Word document. Once opened, the document exploited a zero-day vulnerability in Microsoft's .Net framework. The exploit caused the targeted computer to install Finspy (sometimes "FinSpy"), a family of surveillance software that its controversial developer, UK-based Gamma Group, sells to governments throughout the world. Tuesday's blog post said the document might have been used to infect an unnamed "Russian speaker." The vulnerability, indexed as CVE-2017-8759, comes five months after FireEye disclosed a different zero-day being used to distribute Finspy.

"These exposures demonstrate the significant resources available to 'lawful intercept' companies and their customers," FireEye researchers wrote. "Furthermore, Finspy has been sold to multiple clients, suggesting the vulnerability was being used against other targets."
Besides this 0-day .NET vulnerability, Microsoft also fixed over 80 other bugs on this month's Patch Tuesday.



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba