For 2nd time this year, Windows 0-day exploited to install Finspy creepware

Image caption: The WSDL parser, where the zero-day was located. (credit: FireEye)
On Tuesday, Microsoft patched a previously unknown vulnerability that researchers say was actively exploited by an undisclosed nation to install surveillance malware on one or more vulnerable computers.
The exploit, according to a blog post published Tuesday by security firm FireEye, was embedded in a Microsoft Word document. Once opened, the document exploited a zero-day vulnerability in Microsoft’s .NET Framework. The exploit caused the targeted computer to install Finspy (sometimes “FinSpy”), a family of surveillance software that its controversial developer, UK-based Gamma Group, sells to governments throughout the world. Tuesday’s blog post said the document might have been used to infect an unnamed “Russian speaker.” The vulnerability, indexed as CVE-2017-8759, comes five months after FireEye disclosed a different zero-day being used to distribute Finspy.
“These exposures demonstrate the significant resources available to ‘lawful intercept’ companies and their customers,” FireEye researchers …

