Microsoft has issued a fix to a security vulnerability found in its MSOffice software which helps in spreading FinSpy Surveillance malware. After learning about it from the alert issued by cyber security firm FireEye, the software giant decided to immediately react on the issue and issued a patch to the immediately secure the vulnerability in its Office software.
In July this year, researchers from FireEye discovered a zero day flaw in Microsoft Word Document software. The flaw is actually a malware in disguise of a Rich Text Document which when once opened, would inject and execute malicious code.
The code then launches a FinSpy payload, which is in some way associated with a Germany based firm called Gamma Group, which offers legal intercepts for surveillance and espionage related projects.
In the year 2014, Wikileaks revealed that several major governments were on FinSpy Surveillance suite customer list. Means many government agencies are buying the said spying malware to conduct espionage on their foes.
Note- The exploit, which FireEye researchers found has also worked with Windows 2016 and Office 365.
Therefore, in its latest security bulletin issued on Tuesday, Microsoft said that the vulnerability was important and confirmed that all supported versions of Windows, including its server operating systems were vulnerable. The Redmond based giant added that the attack could have been composed by members of a hacking group named NEODYMIUM who earlier exposed similar zero day flaws on Windows OSes.
