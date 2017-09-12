Microsoft patches Office zero-day used to spread FinSpy surveillance malware

The surveillance malware, sold to nation states, was delivered through a flaw in Office and is known to have targeted Russian-speaking users.

By Zack Whittaker for Zero Day | Topic: Security

Microsoft has patched a security vulnerability in Office which researchers say has been exploited in the wild to target Russian-speaking users with a surveillance tool.

FireEye researchers, who found the previously undisclosed (so-called "zero-day") flaw, said in a blog post Tuesday that the malware is delivered as a file posing as a Rich Text Format document which, once opened, injects and executes malicious code.
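The article gives no detail on how the document carries its payload, and the script below does not claim to detect this particular exploit. It is an added example, not code from the article, FireEye or Microsoft, showing the static triage check a responder would run on a suspicious RTF attachment of the kind described: confirm the file really is RTF (Word accepts truncated headers such as `{\rt`, so the check is deliberately loose), count the control words that introduce embedded OLE objects, decode each `\objdata` group from its hex encoding, and read the OLE1 object header to name the embedded class. The sample document is constructed for the example and contains a harmless "Package" object whose native data is the string "hello world".

```python
"""Static triage of an RTF file for embedded OLE objects (added example)."""
import re
import struct

# RTF control words that introduce or describe an embedded OLE object.
SUSPECT_CONTROL_WORDS = (b"\\object", b"\\objemb", b"\\objclass", b"\\objdata", b"\\objupdate")

# Constructed sample: a one-line memo with an embedded OLE1 "Package" object
# whose native payload is "hello world". Not a real malicious file.
SAMPLE_RTF = (
    b"{\\rtf1\\ansi\\deff0 Quarterly report attached.\n"
    b"{\\object\\objemb{\\*\\objclass Package}"
    b"{\\*\\objdata 01050000 02000000 08000000 5061636B61676500\n"
    b"00000000 00000000 0B000000 68656C6C6F20776F726C64}}}"
)

# A control word: backslash, letters, optional numeric parameter, optional delimiter space.
CONTROL_WORD = re.compile(rb"\\[a-zA-Z]+-?[0-9]* ?")


def is_rtf(data: bytes) -> bool:
    """Word only requires the prefix '{\\rt', so malware often truncates the header."""
    return data.lstrip().startswith(b"{\\rt")


def count_control_words(data: bytes) -> dict:
    """Count occurrences of each object-related control word."""
    counts = {}
    for cw in SUSPECT_CONTROL_WORDS:
        # (?![a-zA-Z]) keeps \object from also matching a longer control word
        n = len(re.findall(re.escape(cw) + rb"(?![a-zA-Z])", data))
        if n:
            counts[cw.decode()] = n
    return counts


def extract_objdata(data: bytes) -> list:
    """Decode every \\objdata group (hex text up to the closing brace) into raw bytes."""
    blobs = []
    for m in re.finditer(rb"\\objdata(?![a-zA-Z])", data):
        depth, i = 0, m.end()
        while i < len(data):  # walk to the brace that closes this group
            c = data[i:i + 1]
            if c == b"{":
                depth += 1
            elif c == b"}":
                if depth == 0:
                    break
                depth -= 1
            i += 1
        # Strip nested control words first so their letters are not read as hex
        # (a group using \bin raw binary data would need a fuller tokenizer).
        body = CONTROL_WORD.sub(b"", data[m.end():i])
        hexdigits = re.sub(rb"[^0-9A-Fa-f]", b"", body)
        if len(hexdigits) % 2:  # truncated final nibble: drop it rather than fail
            hexdigits = hexdigits[:-1]
        blobs.append(bytes.fromhex(hexdigits.decode("ascii")))
    return blobs


def parse_ole1_header(blob: bytes):
    """Read the OLE1 ObjectHeader (MS-OLEDS): OLEVersion, FormatID, ClassName."""
    if len(blob) < 12:
        return None
    version, fmt_id, name_len = struct.unpack_from("<III", blob, 0)
    if version != 0x0501 or name_len > len(blob) - 12:
        return None
    name = blob[12:12 + name_len].rstrip(b"\0").decode("latin-1")
    return {"format_id": fmt_id, "class_name": name}


def triage(data: bytes) -> dict:
    """Summarise what an analyst needs before deciding whether to detonate the file."""
    report = {"is_rtf": is_rtf(data), "control_words": {}, "objects": [], "suspicious": False}
    if not report["is_rtf"]:
        return report
    report["control_words"] = count_control_words(data)
    for blob in extract_objdata(data):
        hdr = parse_ole1_header(blob) or {}
        report["objects"].append({"size": len(blob), **hdr})
    report["suspicious"] = bool(report["objects"]) or bool(report["control_words"])
    return report


if __name__ == "__main__":
    import json
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_RTF
    print(json.dumps(triage(data), indent=2))
```

Run it with a file path to triage a real attachment, or with no arguments to see the report for the constructed sample. A positive result is a reason to open the file only in an isolated analysis environment, not proof of exploitation; legitimate documents do occasionally embed objects.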

The code eventually launches a FinSpy payload, which is associated with the Germany-based Gamma Group, a firm that sells surveillance and espionage tools marketed as "lawful intercept" products.

The company, which sells almost exclusively to nation states, runs a near-constant cat-and-mouse game to defeat the security in the products of major companies such as Microsoft and Apple.

In 2014, WikiLeaks revealed that several major governments -- including several oppressive states -- were on the FinFisher surveillance suite customer list.

FireEye said the attacker, who isn't known but is likely a nation state actor, may have begun using the flaw as early as July, suggesting it was only recently discovered.

"These exposures demonstrate the significant resources available to 'lawful intercept' companies and their customers," wrote researchers Genwei Jiang, Ben Read, and Tom Bennett.

In a bulletin, Microsoft rated the vulnerability "important" and confirmed that all supported versions of Windows, including its server operating systems, are affected.

Microsoft fixed 81 other vulnerabilities in its monthly round of security patches.
