Microsoft has released the patch in September that stage, a flaw basic Windows, which had allowed the spread of the spyware FinSpy. To discover the problem was the security agency FireEye, that he had considered extremely critical because of the possibility that a third party could take complete control of the system to install programs, delete data, and create accounts with administrator rights. The Microsoft team was not aware of the vulnerability, referred to as zero-day. According to FireEye, the exploit was distributed via a document malignant Office in the RTF format, which, once opened, the user starts the upload of the famous spying software, via a port that is open (here the hole) is in the framework .NET.
The first investigation of FireEye would climb the threat to Russian hackers, for the language used in the compilation. Several copies of spyware have been sold in the past by Gamma Group, a company of signature british-German customer belonging to the world of the forces of order, always interested to find new methods to intercept specific objectives. If one of the routes of entry of FinSpy in the computer was closed it is said that there are other that can be exploited by snoops and crooks. As pointed out by Trend Micro, the work of patching Redmond has intensified recently, also affecting other platforms of the group, as the HoloLens. In the latter case, the company has plugged the vulnerability BroadPwn, the same that had been targeting the iOS and Android. In all there are 81 patches included in the latest update of September, aimed at making more secure Windows, Internet Explorer, Edge, Exchange, .NET framework, Office, and Hyper-V.