A monthly Microsoft Patch Tuesday has evolved into a tradition that security researchers applaud. Released updates usually fix relevant and highly-disturbing vulnerabilities, and this special occasion in September was no exception. Once again, Microsoft found some zero-day flaws that could have allowed hackers to install FINSPY monitoring software into operating systems.
Latter vulnerability is getting the most attention from social media networks. You might have noticed the buzz about the fact that a very little effort was needed for crooks to successfully implant FINSPY into devices. However, this revelation is not as ground-breaking as the first time around. In total, over 80 vulnerabilities were fixed in the newest Microsoft patch.
Files of Microsoft Office can bring FINSPY
According to FireEye researchers, the spyware was secretively distributed in malicious Microsoft Office RTF files. How did users encounter these them? Well, one possibility is that deceptive email letters might have urged targets to download and open such files from email letters. Such attacks are expected to mostly target people from Russian-speaking countries.
FinSpy, a.ka FinFisher, is described as a surveillance software product by Lench IT Solutions plc. This spyware was also been involved in several scandals. For instance, citizen from USA had indicated that Ethiopian government had installed FINSPY without her knowledge. As a consequence, his and his family’s privacy was violated big time.
Also, this software was been covertly deployed on computer devices in various Internet cafes and other suspicious locations that provide access to the World Wide Web. While this might have been done for security reasons, but secretively monitoring unsuspecting users’ activity, Skype calls does not seem completely fair.
Of course, there are more flaws that the patch has fixed. Flaws in .NET frameworks, Adobe Flash Players, Device Guards, HoloLens, Internet Explorers, Microsoft Bluetooth Driver, Microsoft Edge and others have been included into the patch. To make sure that operating systems would be properly secured, we suggest Microsoft clients not to wait around: take advantage of the published patch immediately. As soon as information about dangerous vulnerabilities starts to circulate, some hackers could attempt to exploit them. In fact, people should always check whether their software is up-to-date.