Microsoft: Windows bug exploited by hackers tied to Russia

6 years ago

Microsoft has confirmed some Windows users were under attack earlier this month by a specialized hacking group.
The group, which was previously tied to Russia's best intelligence agency by other cybersecurity firms, was exploiting a bug recently discovered by Google, Microsoft said.
Google revealed on Monday a critical bug in Microsoft Windows software that could give hackers full control of your computer. Microsoft has since announced plans to release a fix on Tuesday, November 8.
Google's security team said it first discovered "zero day" bugs in Adobe (ADBE) and Microsoft (MSFT) software on October 21. "Zero day" is the term for unique, never-before-seen vulnerabilities that are dangerous because they're live: open to exploitation before a fix is available.
Adobe addressed the bug with an update to its Adobe Flash Player on October 26, five days after it was first notified by Google. Microsoft, however, had yet to issue a fix, so Google (GOOG) went public with the bug on Monday.
Microsoft contested the seriousness of the bug on Tuesday morning, saying Adobe's fix is sufficient.
"We disagree with Google's characterization ... as 'critical' and 'particularly serious,' since the attack scenario they describe is fully mitigated by the deployment of the Adobe Flash update released last week," according to a Microsoft statement sent to CNNMoney.

But some experts believe the bug could still be exploited while users wait for a Microsoft update.
"The bug could be used as part of a larger attack to take control of the entire system," security researcher Katie Moussouris, CEO of Luta Security, told CNNMoney.
Microsoft has criticized Google's public reporting of the bug.
"Google's decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk," reads a blog post from Terry Myerson, EVP of Microsoft's Windows and Devices Group.
Google's security team is set up to search for exploits quietly lurking on the internet. It typically recommends companies fix security issues within 60 days, but in 2013, it announced a more aggressive, expedited disclosure policy for urgent requests. That gave Microsoft just seven days to come up with a fix.
Microsoft said the bug was never effective in its Windows 10 Anniversary Update, which launched in August, due to security enhancements.
The company unveiled its next-generation Windows software, called Windows 10 Creators Update, less than a week ago.
For now, Microsoft users should ensure automatic updates are turned on for Flash, Windows and antivirus software. It's also recommended to run Google's Chrome browser, which prevents the bug from being exploited, according to Moussouris.
