HackRead

Microsoft Patches 85 Flaws, One Allowed FinFisher Spyware Installation

September 13th, 2017 | By Waqas | Security, Malware, Microsoft, Technology News

Microsoft Releases Patch for Dangerous .NET Vulnerability in Latest Security Updates.

Microsoft has finally patched a vulnerability in Microsoft Windows that was used by law enforcement agencies to target Windows users in Russia. The patch (OS Build 15063.608) was part of Microsoft’s monthly “Patch Tuesday” series, which contained security updates for 85 different flaws, including the serious .NET framework flaw that allowed hacking of targeted computers through malicious MS Office attachments.

The update was released on Tuesday and offers security updates for all versions of Microsoft Windows as well as other products. However, the most important vulnerability that it patches is the .NET framework flaw that affected Windows 10 systems.

Regarding the vulnerability, Microsoft wrote on its advisory page that:

“A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

The vulnerability is tracked as CVE-2017-8759. It affected the .NET programming framework and allowed remote code execution. According to security firm FireEye, which discovered the vulnerability, the flaw was exploited through a malicious MS Office document in rich text format (RTF), and the exploitation occurred in July 2017. The exploit attempted to install FinFisher or FinSpy spyware, developed by the UK-based Gamma Group specifically for law enforcement agencies. However, FireEye did not point out which agency deployed the FinFisher/FinSpy spyware.

FireEye also noted that the zero-day vulnerability that allowed installation of malware on Windows systems is the second flaw that has been identified in Windows OS this year. According to the FireEye researchers’ analysis, the spyware was not only sold to law enforcement; financially motivated cyber criminals also benefitted from it.

“These exposures demonstrate the significant resources available to ‘lawful intercept’ companies and their customers. Furthermore, Finspy has been sold to multiple clients, suggesting the vulnerability was being used against other targets,” FireEye said.

FireEye has described the flaw as a SOAP WSDL parser code injection vulnerability. That’s because it allowed arbitrary code to be injected into the definition contents of SOAP WSDL, while the attachments responsible for inserting the malware were identified as a common attack vector. The .NET flaw was a failure to scrub malicious input from data that was fed to the Web Services Description Language (WSDL) parser.

Vulnerable WSDL Parser (Credit: FireEye)

The attacker compelled a Windows user to open the email containing the malicious document or application. Once injected, the code created a process for retrieving an HTA script, which in turn deleted the source code and library and then downloaded and executed a file named “left.jpg”. Don’t be confused by this file’s classification as a JPG image, since it was anything but an image file. It was an executable that instantly installed FinSpy spyware, malware that used heavily obfuscated code as well as a built-in virtual machine to hide its functions.
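
The chain described above gives defenders two things to check: an HTA host process that descends from an Office application, and a file named as an image whose first bytes are a Windows executable header. The Python below is an added example, not code from FireEye, Microsoft or this site; the event fields, PIDs, sample bytes and the use of mshta.exe as the HTA host are assumptions made for illustration.

```python
# Added example (not from the article): two triage checks for the chain above.
# Event fields, PIDs, paths and file bytes below are constructed sample data.
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
HTA_HOST = "mshta.exe"  # assumption: the HTA script is run by the Windows HTA host
IMAGE_MAGIC = {".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
               ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}


def office_spawned_hta(events):
    """Return PIDs of HTA-host processes that have an Office app as an ancestor."""
    by_pid = {e["pid"]: e for e in events}
    hits = []
    for e in events:
        if ntpath.basename(e["image"]).lower() != HTA_HOST:
            continue
        seen, cur = set(), by_pid.get(e["ppid"])
        while cur and cur["pid"] not in seen:  # walk up; stop on loops or gaps
            seen.add(cur["pid"])
            if ntpath.basename(cur["image"]).lower() in OFFICE:
                hits.append(e["pid"])
                break
            cur = by_pid.get(cur["ppid"])
    return hits


def disguised_executable(filename, head):
    """True if an image-named file starts with a PE 'MZ' header, not image magic."""
    ext = ntpath.splitext(filename.lower())[1]
    magic = IMAGE_MAGIC.get(ext)
    return magic is not None and not head.startswith(magic) and head.startswith(b"MZ")


EVENTS = [  # constructed process-creation records
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\mshta.exe"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\mshta.exe"},
]

if __name__ == "__main__":
    print(office_spawned_hta(EVENTS))
    print(disguised_executable("left.jpg", b"MZ\x90\x00"))
    print(disguised_executable("photo.jpg", b"\xff\xd8\xff\xe0"))
```

The ancestor walk matters because an intermediate process such as a command shell can sit between the Office application and the HTA host, so a direct parent check alone would miss it.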

Microsoft believes that the NEODYMIUM group carried out the attack exploiting the .NET framework flaw because the same group previously exploited a similar zero-day vulnerability using spear-phishing attachments to install FinFisher spyware.


Alongside the serious .NET framework flaw, this Patch Tuesday includes patches for other important vulnerabilities, including Remote Code Execution patches for MS Office, Internet Explorer 11 and Edge, and a patch for the BlueBorne Bluetooth flaw that allowed attackers to hack Windows PCs, Android and Linux devices.

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
