Microsoft has detected and patched a zero-day vulnerability in Office. The vulnerability was used to spread FinSpy, a piece of surveillance malware.
FireEye researchers have said that the malware was designed to target Russian-speaking users. In a blog post on Tuesday, they revealed it was a previously undisclosed zero-day flaw, and that the malware is found within Rich Text document files. Once such a file is opened, it goes on to inject and execute malicious code.
Eventually, the code launches a payload called FinSpy. The name is associated with Gamma Group, a Germany-based legal company that conducts espionage and carries out legal intercepts for surveillance. Just like Apple and Microsoft, the company runs a contest in which contestants are encouraged to break the security of major companies’ products.
In 2014, a major WikiLeaks article revealed that several major governments, including many oppressive states, found themselves on the FinFisher surveillance suite customer list.
According to FireEye, the attacker is still unknown. However, it’s rather likely that the person is a nation-state actor who began their activities in July, which suggests the original flaw was discovered not too long ago.
The researchers, Genwei Jiang, Tom Bennett, and Ben Read, believe this clearly demonstrates the scope of resources that ‘lawful intercept’ companies have at their disposal.
Microsoft marked the vulnerability as “important” and confirmed that all supported versions of Windows are vulnerable. This includes its server operating systems as well.
In its monthly series of cybersecurity patches, Microsoft has also patched an additional 81 vulnerabilities.