This last Tuesday Microsoft patched another 0-day, a vulnerability that was not found before. The vulnerability took advantage of Microsoft's .Net framework,a software framework designed for Microsoft Windows operating systems that helps with developing software on these operating systems. The 0-day would be embedded, or hidden into a Microsoft Word document and would download surveillance software. This surveillance software has been associated with a UK based company and is sold to governments throughout the world. 

Because Microsoft has patched this vulnerability this exact instance is no longer a threat to computers in the City. However, the way a malicious attacker would try to infect computers through this method would most likely be through phishing. Understanding phishing could help reduce future attacks of this type, and many more. Phishing is an ongoing issue that all employees should understand, know how to identify, and report.

To learn more about phishing go to our webpage: https://www.portlandoregon.gov/bts/73699

Article: https://arstechnica.com/information-technology/2017/09/for-2nd-time-this-year-windows-0day-exploited-to-install-finspy-creepware/

More information about .Net: https://en.wikipedia.org/wiki/.NET_Framework