Zero-Day in Windows Abused for Planting FinSpy Spyware
Microsoft recently issued a security patch for a flaw in Office that, according to researchers, was being exploited to attack Russian-speaking end-users with a surveillance tool.
The previously undisclosed zero-day, discovered by FireEye's security researchers, was embedded in a Word file that, when opened, abused the vulnerability in Microsoft's .NET Framework to deliver spyware.
The security flaw caused the attacked PC to load the infamous FinSpy surveillance malware. FinSpy, developed by the Gamma Group, is a type of spyware that has drawn bad press, in particular because it has supported the surveillance tactics of authoritarian governments. The Word file appears to have been created to infect an unnamed Russian speaker.
Notably, according to FireEye, the zero-day in question is the second such flaw found to have been used to distribute FinSpy. The attackers' ability to target even Windows 10, Microsoft's most secure OS version, suggests that the businesses providing governments with interception technologies have considerable resources.
Microsoft has blogged that the CVE-2017-8759 security flaw allows remote code execution if a potential victim views certain spam mail, opens a dubious attachment and deactivates the Protected View mode of Microsoft Office. The exploit initially uses a Word document to reach the actual flawed component, which is unrelated to Microsoft's Office program and lies in some SOAP-rendering functions of the .NET Framework.
The security researchers write that these exposures show 'lawful intercept' businesses and their customers to be equipped with considerable resources. Moreover, many clients have bought FinSpy, indicating that other targets are affected by the security flaw. Also, the hacker gang that spread FinSpy by exploiting the new vulnerability belongs to the NEODYMIUM group, which earlier exploited similar zero-day vulnerabilities through attachments in spear-phishing e-mails that planted the FinFisher spyware.
Customers who receive automatic updates for Microsoft products are fully protected from the FinSpy attack. Other customers, i.e. those not receiving automatic updates, should consider applying the September updates right away to remain protected from unnecessary exposure.
» SPAMfighter News - 9/20/2017