Flaw revealed by Google is being exploited by hackers linked to Russia’s government, Microsoft warns. A fix is due next week.
Microsoft said Tuesday it will issue a fix next week for a Windows vulnerability it says is being exploited by hackers linked to Russia’s government.
Microsoft said in a company blog post it would release the fix on November 8 as part of its normal patch cycle, adding that a well-known hacking group was already using the newly discovered flaw in a spearphishing campaign. The bug, which was publicly revealed by Google on Monday, can be used to bypass the security sandboxing in the Windows Win32k system.
The bug’s revelation has caused some friction between Microsoft and Google. Google said it went public with the bug, which it rated as “critical,” after giving Microsoft 10 days to issue an advisory or fix, because the flaw was being actively exploited. Microsoft disputed Google’s assessment of the bug’s threat and said Google’s disclosure “could put customers at potential risk.”
Microsoft said a hacking group known as Strontium was behind the email attacks. The group, more widely known as “Fancy Bear” and APT 28, was linked to a series of hacks this summer, including one in which emails and chat transcripts were stolen from the Democratic National Committee’s computer network.