2 min read

Microsoft strangles critical vulnerabilities, including in-the-wild zero-day flaw. Patch now!

Graham CLULEY

September 13, 2017

Microsoft strangles critical vulnerabilities, including in-the-wild zero-day flaw. Patch now!

Microsoft has once again released a batch of essential security updates for users of its software.

One of the flaws (CVE-2017-8759) addressed by Microsoft’s patches is a previously unknown vulnerability in the .Net framework. The zero-day vulnerability was being actively exploited in attacks which targeted Russian-speaking users with poisoned Word documents that served up a version of the FinFisher spyware.

FinFisher, also known as FinSpy or WingBird, is a family of controversial covert surveillance software which has often been linked to spying on political dissidents by intelligence agencies and repressive regimes around the world.

The makers of FinFisher claim that they sell their controversial software exclusively to government agencies for targeted criminal investigations, suggesting that the latest wave of attacks are the work of a hacking group assisted by a state actor.

The most recent attacks on Russian speakers have been tied to a hacking gang known as Neodymium, which in early May 2016 exploited a Flash Player zero-day vulnerability to infect targeted computers with FinFisher. Most of the victims of that attack were located in Turkey, although infections were also seen in Germany, the United Kingdom and the United States.

Also of note is that Microsoft has revealed it has pushed out a fix for the newly-announced BlueBorne exploits (CVE-2017-8628), which could allow an attacker to initiate a Bluetooth connection to a targeted device without the user’s knowledge, and open opportunities ofr man-in-the-middle (MITM) attacks

In its Patch Tuesday release, Microsoft addressed 81 new vulnerabilities – of which 27 have been given the highest rating of “critical”.

In addition, Microsoft is releasing an update to the version of Adobe Flash Player embedded in its Edge and Internet Explorer browsers. Affected software includes Edge, Hyper-V, Internet Explorer, Microsoft Office, Remote Desktop Protocol, Sharepoint, Windows Graphic Display Interface, and Windows Kernel Mode Drivers. In addition, Microsoft is also releasing an update for Adobe Flash Player embedded in Edge and Internet Explorer.

Make sure to roll out Microsoft’s security updates to your vulnerable computers at the earliest opportunity to reduce the chances of a hacker successfully exploiting your devices.

Enterprise customers are recommended to test that the patches do not cause any problems during roll-out on a test set of PCs, before updating all of their PCs across the business.

tags


Author



Right now

Top posts

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read
Mobile security threats: reality or myth?

Mobile security threats: reality or myth?

June 13, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands Fraud Family cybercrime ring under the spotlight as arrests made in the Netherlands
Graham CLULEY

July 23, 2021

3 min read
Homoglyph domains used in BEC scams shut down by Microsoft Homoglyph domains used in BEC scams shut down by Microsoft
Graham CLULEY

July 22, 2021

3 min read
China Sets Up New Worrying Vulnerability Disclosure Rules China Sets Up New Worrying Vulnerability Disclosure Rules
Silviu STAHIE

July 20, 2021

1 min read