A cybersecurity firm has discovered yet another unknown vulnerability used to install government spyware. The vulnerability has now been patched.

https://motherboard.vice.com/en_us/article/kz7ekz/researchers-catch-microsoft-zero-day-used-to-install-government-spyware