Most versions of the Windows OS contain a vulnerability that is being exploited in active malware attacks. The flaw has been used by a Russia-linked hacking group called Strontium, also known as “Fancy Bear”, the group that was able to hack the Democratic National Committee. In less than a week, Microsoft will issue patches for all Windows versions.
A few days ago, Google’s Threat Analysis Group discovered a vulnerability in Microsoft Windows that is being used by a dangerous group involved in the hacking around the US election (the DNC and the Clinton campaign). Terry Myerson, executive vice president of Microsoft’s Windows and Devices group, wrote in an advisory that “Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild.
This attack campaign, originally identified by Google’s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.”
The good news is that Windows Defender Advanced Threat Protection (ATP) is protecting Windows 10 against the zero-day: it detects Strontium’s attempted attacks “thanks to ATP’s generic behavior detection analytics and up-to-date threat intelligence.” Strontium goes by many names, including APT28, “Fancy Bear” and Tsar Team, but it is not certain whether the group used the zero-days revealed by Google to steal data from Clinton campaign chair John Podesta, former Secretary of State Colin Powell and others.
Google identified the Windows zero-day flaw in win32k, which had already been used in a Russian spear-phishing campaign. When exploited, the vulnerability allows an attacker to escape sandbox protection and then execute malicious code on the infected device.
Myerson added that Microsoft has coordinated with Google and Adobe “to investigate this malicious campaign and to create a patch for down-level versions of Windows.” The patch is now being tested for all versions of Windows and is scheduled for public release on November 8.