Microsoft strangles critical vulnerabilities, including in-the-wild zero-day flaw. Patch now!

Microsoft has once again released a batch of essential security updates for users of its software.

One of the flaws (CVE-2017-8759) addressed by Microsoft’s patches is a previously unknown vulnerability in the .NET Framework. The zero-day vulnerability was being actively exploited in attacks which targeted Russian-speaking users with poisoned Word documents that served up a version of the FinFisher spyware.

FinFisher, also known as FinSpy or WingBird, is a family of controversial covert surveillance software which has often been linked to spying on political dissidents by intelligence agencies and repressive regimes around the world.

The makers of FinFisher claim that they sell their controversial software exclusively to government agencies for targeted criminal investigations, suggesting that the latest wave of attacks is the work of a hacking group assisted by a state actor.

The most recent attacks on Russian speakers have been tied to a hacking gang known as Neodymium, which in early May 2016 exploited a Flash Player zero-day vulnerability to infect targeted computers with FinFisher. Most of the victims of that attack were located in Turkey, although infections were also seen in Germany, the United Kingdom and the United States.

Also of note is that Microsoft has revealed it has pushed out a fix for the newly-announced BlueBorne exploits (CVE-2017-8628), which could allow an attacker to initiate a Bluetooth connection to a targeted device without the user’s knowledge, and open opportunities for man-in-the-middle (MITM) attacks.

In its Patch Tuesday release, Microsoft addressed 81 new vulnerabilities – of which 27 have been given the highest rating of “critical”.

Affected software includes Edge, Hyper-V, Internet Explorer, Microsoft Office, Remote Desktop Protocol, SharePoint, Windows Graphic Display Interface, and Windows Kernel Mode Drivers. In addition, Microsoft is releasing an update to the version of Adobe Flash Player embedded in its Edge and Internet Explorer browsers.

Make sure to roll out Microsoft’s security updates to your vulnerable computers at the earliest opportunity to reduce the chances of a hacker successfully exploiting your devices.

Enterprise customers are advised to roll the patches out to a test set of PCs first and confirm that they do not cause any problems, before updating all of their PCs across the business.

About the author

Graham CLULEY

Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.
