Dive Brief:
- Microsoft says the hacking group Strontium is behind cyberattacks that recently exploited a Windows zero-day security flaw, according to Reuters.
- Microsoft said attacks using "spear phishing" emails from Strontium exploited a previously unknown vulnerability in both Windows and Adobe Flash. Microsoft did not disclose the victims of the attacks.
- Strontium has been connected to the Russian government and to recent political hacks in the U.S.
Dive Insight:
Strontium also goes by the names "Fancy Bear" or APT 28. The bug affects the Windows kernel and "can be used as a security sandboxes," Google said, in its blog post revealing the vulnerability. Google told Microsoft about the flaw on Oct. 21.
Microsoft said a patch will be released on Nov. 8. Adobe, which also had a flaw, released a patch for Flash, its troubled multimedia player, on Monday. But Microsoft did not act fast enough for Google, apparently. Google security researchers publicly disclosed the holes on Monday, a move that angered Microsoft.
"Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk," Microsoft said.
When an actively exploited flaw is found, Google's policy is to disclose it to the public sooner rather than later in order to protect users. "Based on our experience, however, we believe that more urgent action — within 7 days — is appropriate for critical vulnerabilities under active exploitation," Google said.