CATEGORIES
home News

Microsoft Claims Russian Hackers Already Exploiting Windows Flaw Highlighted By Google

by Brandon HillWednesday, November 02, 2016, 11:53 AM EDT
There’s a bit of bad blood between Microsoft and Google following news that the latter spilled the beans on a 0-day Windows kernel exploit. Google originally alerted Microsoft and Adobe to the vulnerability on October 21st, and went public with its findings just ten days later on November 1st.

"We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk," said a Microsoft spokesperson yesterday in a statement. "Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.”

windows10 start

While Adobe has issued a patch for its part in the exploit, Microsoft says that its patch won’t be available until November 8th. However, Microsoft’s Windows chief Terry Myerson has stepped into the fray to reveal that Russian hackers are actively taking advantage of the exploit discovered by Google.

“Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign,” said Myerson. “This attack campaign, originally identified by Google’s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.”

It should be noted that STRONTIUM, also known by the names Fancy Bear and APT 28, has been connected linked with the Russian government, and its reported attacks on the Democratic National Committee. The subsequent release of internal emails by WikiLeaks has certainly added a lot of color to the U.S. president race.

Myerson goes on to explain:

To address these types of sophisticated attacks, Microsoft recommends that all customers upgrade to Windows 10, the most secure operating system we’ve ever built, complete with advanced protection for consumers and enterprises at every layer of the security stack. Customers who have enabled Windows Defender Advanced Threat Protection (ATP) will detect STRONTIUM’s attempted attacks thanks to ATP’s generic behavior detection analytics and up-to-date threat intelligence.

In addition, Myerson indicates that while this latest Windows exploit is incredibly dangerous, customers running the Windows 10 Anniversary Update along with Microsoft Edge are completely protected. For everyone else, you’ll have to wait for the Election Day patch.

Tags:  Microsoft, Google, Hackers, Windows 10, strontium
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment