Microsoft to fix Windows flaw exploited by hackers

Flaw revealed by Google is being exploited by hackers linked to Russia’s government, Microsoft warns. A fix is due next week.

 

Microsoft said Tuesday it will issue a fix next week for a Windows vulnerability it says is being exploited by hackers linked to Russia’s government.

Microsoft said in a company blog post it would release the fix on November 8 as part of its normal patch cycle, adding that a well-known hacking group was already using the newly discovered flaw in a spearphishing campaign. The bug, which was publicly revealed by Google on Monday, can be used to bypass the security sandboxing in the Windows32K system.

The bug’s revelation has caused some friction between Microsoft and Google, which said it went public with the bug it rated as “critical” after giving Microsoft 10 days to issue an advisory or fix because it was being actively exploited. Microsoft disputed Google’s assessment of the bug’s threat and said Google’s disclosure “could put customers at potential risk.”

Microsoft said a hacking group known as Strontium was behind the email attacks. The group, more widely known as “Fancy Bear” and APT 28, was linked to a series of hacks this summer, including one in which emails and chat transcripts were stolen from the Democratic National Committee’s computer network.

Advertisements
This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s