
Microsoft blames Russian-linked hackers for 'critical' Windows exploit – after Google exposed it

Update: Microsoft has blamed STRONTIUM, a hacker group with alleged links to the Russian government, for the recent cyber attacks that exploit what Google revealed as a “critical vulnerability” in Windows.

In a blog post dated November 1, Microsoft Windows and Devices Group Executive Vice President Terry Myerson acknowledged that Microsoft had recently detected a "low-volume spear phishing campaign" from an "activity" group it calls STRONTIUM, though the group is also widely known as 'Fancy Bear'.

The group has previously been linked to the Russian government and accused of being behind the recent US election hacks.

Myerson writes:

"STRONTIUM is an activity group that usually targets government agencies, diplomatic institutions, and military organizations, as well as affiliated private sector organizations such as defense contractors and public policy research institutes. Microsoft has attributed more 0-day exploits to STRONTIUM than any other tracked group in 2016."

Microsoft also issued official guidance, recommending that potentially affected users upgrade to the latest version of Windows 10 immediately, enable Windows Defender Advanced Threat Protection, and wait for a patch to be issued on its next 'Patch Tuesday', which is set for November 8.

'Critical' Windows bug revealed by Google – what's the story?

On October 21, Google warned Microsoft privately about a major security flaw in Windows that was already being exploited by hackers. Then, just 10 days later, Google went live to the public with the flaw. Unfortunately, when Google published its findings in detail, Microsoft still hadn’t fixed the issue, which potentially left Windows users more exposed than they had been before.

“After seven days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released,” reads a blog post written by Neel Mehta and Billy Leonard, of Google’s Threat Analysis Group. “The vulnerability is particularly serious because we know it is being actively exploited.”

It continued: “The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape."

But in a statement to VentureBeat, Microsoft revealed it wasn’t too chuffed with Google going public about the flaw. It reads:

“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk. Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”

So what should you do to stay safe? Well, it appears that the vulnerability can be traced to a flaw in Adobe Flash, which has since been patched by Adobe. But Google still recommends that if you’re using an auto-updater for Flash, you should verify whether or not you have the latest version. And it also recommends that you immediately apply any Windows patches from Microsoft “when they become available for the Windows vulnerability”.

Do you think Google's controversial strategy of exposing security flaws just seven days after privately disclosing them is right or wrong? Let us know in the comments.

Phil

November 1, 2016, 12:48 pm

I personally think that in this kind of situation Google should state that they have found the vulnerability, where it originates and what can happen in order that people can protect themselves (potentially companies might temporarily disable Flash or something) whilst also putting pressure on MS to patch the bug. Publishing technical details just makes a vulnerability (which may be well known in the hacker community) potentially available for exploit by script kiddies and so on who might not otherwise have the knowledge or technical ability to do so.

Prem Desai

November 1, 2016, 10:54 pm

Very dumb on Google's part. Now everyone knows about it and how to exploit it.

Dieter Hoppe

November 3, 2016, 12:47 am

Worst part is, MS doesn't mention it can't be fixed according to a security tech company. I can only recommend to dump MS completely. I did so more than five years ago on all my home and work PCs and haven't looked back. E.g. my wife has taken to it like a duck to the water. We are not young folks (65 & 63) in case someone thinks it's too hard. (Keeps your brain working.)

Dieter Hoppe

November 3, 2016, 1:15 am

Just to expand on my previous email. I started off with Opensuse but changed to Debian. Reason: it is the most community-based Linux version with very little big-corporation influence and, to my surprise, it installed like a dream, beating MS & Opensuse by miles. It doesn't matter what some are saying, but MS, Apple or any other commercialised software company are not communities. They are fashions and they normally come and go. It's up to the people to have choices and not be slaves to fashion.