Microsoft patches Office zero-day used to spread FinSpy surveillance malware
Protecting the Core: Microsoft bug detectors offered bigger reward
Microsoft has patched a security vulnerability in Office, which researchers say has been exploited in the wild to target Russian-speaking users with a surveillance tools.
Tech Pro Research
FireEye researchers, who found the previously undisclosed (a so-called "zero-day") flaw, said in a blog post Tuesday that the malware is served posing as a Rich Text document file that, once opened, would inject and executes malicious code.
The code eventually launches a FinSpy payload, which is associated with Germany-based firm Gamma Group, a firm that carries out legal intercepts for surveillance and conducting espionage.
The company, which sells almost exclusively to nation state hackers, runs a near-constant, cat-and-mouse game to defeat the security in the products of major companies, like Microsoft and Apple.
In 2014, WikiLeaks revealed that several major governments -- including several oppressive states -- were on the FinFisher surveillance suite customer list.
FireEye said the attacker, who isn't known but is likely a nation state actor, may have began as early as July, suggesting the original flaw was only recently discovered.
"These exposures demonstrate the significant resources available to 'lawful intercept' companies and their customers," wrote researchers Genwei Jiang, Ben Read, and Tom Bennett.
In a bulletin, Microsoft rated the vulnerability as "important," and it confirmed that all supported versions of Windows, including its server operating systems, are vulnerable.