Microsoft Patches 85 Flaws, One Allowed FinFisher Spyware Installation

September 13th, 2017 | Waqas | Security, Malware, Microsoft, Technology News

Microsoft Releases Patch for Dangerous .NET Vulnerability in Latest Security Updates.

Microsoft has finally patched a vulnerability in Microsoft Windows that was used by law enforcement agencies to target Windows users in Russia. The patch (OS Build 15063.608) was part of Microsoft’s monthly “Patch Tuesday” series, which this month contained security updates for 85 different flaws, including the serious .NET framework flaw that allowed targeted computers to be hacked through malicious MS Office attachments.

The update was released on Tuesday and offers security updates for all versions of Microsoft Windows as well as other products. However, the most important vulnerability that it patches is the .NET framework flaw that affected Windows 10 systems.

Regarding the vulnerability, Microsoft wrote on its advisory page that:

“A remote code execution vulnerability exists when Microsoft .NET Framework processes untrusted input. An attacker who successfully exploited this vulnerability in software using the .NET framework could take control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.”

The vulnerability is tracked as CVE-2017-8759. It affected the .NET programming framework and allowed remote code execution. According to security firm FireEye, which discovered the vulnerability, the flaw was exploited in July 2017 through a malicious MS Office document in rich text format (RTF). The exploit attempted to install FinFisher or FinSpy spyware, developed by the UK-based Gamma Group specifically for law enforcement agencies. However, FireEye did not point out which agency deployed the FinFisher/FinSpy spyware.

FireEye also noted that this zero-day vulnerability, which allowed installation of malware on Windows systems, is the second such flaw identified in Windows OS this year. According to the FireEye researchers’ analysis, apart from the spyware being sold to law enforcement, financially motivated cyber criminals also benefitted from it.

“These exposures demonstrate the significant resources available to ‘lawful intercept’ companies and their customers. Furthermore, Finspy has been sold to multiple clients, suggesting the vulnerability was being used against other targets,” FireEye said.

FireEye has described the flaw as a SOAP WSDL parser code injection vulnerability. That’s because it allowed an attacker to inject arbitrary code into the definition contents of a SOAP WSDL, while the attachments responsible for delivering the malware were identified as a common attack vector. The .NET flaw was a failure to scrub malicious input from data that was fed to the Web Services Description Language (WSDL) parser.

Vulnerable WSDL Parser (Credit: FireEye)

The attacker lured the Windows user into opening the email containing the malicious document or application. Once injected, the code created a process for retrieving an HTA script, which in turn deleted the source code and library, then downloaded and executed a file named “left.jpg”. Don’t be confused by this file’s classification as a JPG image: it was anything but an image file. It was an executable that instantly installed FinSpy spyware, a malware that used heavily obfuscated code as well as a built-in virtual machine to hide its functions.
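A defensive check for the “left.jpg” trick described above, as an added example that is not from the article or from FireEye: it compares the extension a downloaded file claims with what its leading bytes actually are. It assumes the payload is a Windows PE executable (the article only says it was executable); the function names and sample bytes are constructed for illustration.

```python
import os
import struct

JPEG_MAGIC = b"\xff\xd8\xff"          # SOI marker that opens every JPEG stream
IMAGE_EXTENSIONS = {".jpg", ".jpeg"}

def is_pe(data: bytes) -> bool:
    """True when a DOS 'MZ' header points (via e_lfanew at 0x3C) to 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def check_download(name: str, data: bytes) -> str:
    """Compare the extension a file claims with what its first bytes say."""
    ext = os.path.splitext(name.lower())[1]
    if ext not in IMAGE_EXTENSIONS:
        return "not-checked"
    if data.startswith(JPEG_MAGIC):
        return "ok"
    if is_pe(data):
        return "executable-masquerade"   # executable hiding behind an image name
    return "mismatch"                    # not a JPEG, type unknown

def flag_downloads(downloads: dict) -> dict:
    """Return only the entries whose content contradicts the image extension."""
    verdicts = {name: check_download(name, data) for name, data in downloads.items()}
    return {n: v for n, v in verdicts.items() if v in ("executable-masquerade", "mismatch")}

# Constructed sample inputs (not real captures).
FAKE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00" + b"\x00" * 20
REAL_JPEG = JPEG_MAGIC + b"\xe0" + b"\x00" * 32
MZ_TEXT = b"MZ is only two letters here".ljust(0x40, b" ")

SAMPLES = {
    "left.jpg": FAKE_PE,       # file name taken from the article
    "holiday.jpg": REAL_JPEG,
    "notes.jpeg": MZ_TEXT,     # starts with 'MZ' but has no PE signature
    "setup.exe": FAKE_PE,      # honest extension, outside this check's scope
}

if __name__ == "__main__":
    for name, verdict in flag_downloads(SAMPLES).items():
        print(f"{name}: {verdict}")
```

Following `e_lfanew` to the `PE\0\0` signature rather than matching `MZ` alone keeps text files that merely begin with those two letters from being reported as executables.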

Microsoft believes that the NEODYMIUM group carried out the attack exploiting the .NET framework flaw because the same group previously exploited a similar zero-day vulnerability using spear-phishing attachments to install FinFisher spyware.

Along with the fix for the serious .NET framework flaw, Patch Tuesday includes patches for other important vulnerabilities, including Remote Code Execution patches for MS Office, Internet Explorer 11 and Edge, and a patch for a BlueBorne Bluetooth flaw that allowed attackers to hack Windows PCs, Android and Linux devices.