Home Security Microsoft patches Office flaw used to spread spyware

Microsoft patches Office flaw used to spread spyware

Microsoft has issued a patch to fix a flaw in its Office suite that was being used to spread spyware known as FINSPY.

The flaw was discovered by security firm FireEye which co-ordinated disclosure with Microsoft.

The software giant revealed details of the flaw as part of its regular monthly updates on Tuesday, along with details of another 80-odd flaws in numerous software packages that it sells.

The flaw in question allowed the injection of arbitrary code in a Word document. Researchers from FireEye said they had analysed a document which the attackers used to download and run a Visual Basic script that contained PowerShell commands.

Researchers Genwei Jiang, Ben Read and Tom Bennett said that the document, titled Проект.doc, was probably aimed at Russian speakers.

The FINSPY malware, also known as FinFisher or WingBird, that was being distributed can be bought as part of a lawful intercept package.

"Based on this and previous use of FINSPY, we assess with moderate confidence that this malicious document was used by a nation-state to target a Russian-speaking entity for cyber espionage purposes," the trio said.

The flaw, categorised as CVE-2017-8759, is the second zero-day found by FireEye that distributes the FINSPY malware.

"These exposures demonstrate the significant resources available to 'lawful intercept' companies and their customers," the researchers said. "Furthermore, FINSPY has been sold to multiple clients, suggesting the vulnerability was being used against other targets."

The trio floated the possibility that the flaw was being used by additional actors. 

"While we have not found evidence of this, the zero day being used to distribute FINSPY in April 2017, CVE-2017-0199 was simultaneously being used by a financially motivated actor," they said. "If the actors behind FINSPY obtained this vulnerability  from the same source used previously, it is possible that source sold it to additional actors."


Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips



Ransomware is a type of malware that blocks access to your files and systems until you pay a ransom.

The first example of ransomware happened on September 5, 2013, when Cryptolocker was unleashed.

It quickly affected many systems with hackers requiring users to pay money for the decryption keys.

Find out how one company used backup and cloud storage software to protect their company’s PCs and recovered all of their systems after a ransomware strike.


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.


Popular News