HomeWinBuzzer NewsMicrosoft Says Russian Hackers Exploiting Newly Found Windows Vulnerabilities

Microsoft Says Russian Hackers Exploiting Newly Found Windows Vulnerabilities

A Russian group called STRONTIUM is identified as the one behind the attacks. Microsoft is responding with plans to release patches next week, on November 8th.


In a guest blog post, Terry Myerson, Executive Vice President, Windows and Devices Group explained that hackers conducted a low-volume spear-phishing campaign. First spotted by 's Threat Analysis Group, the attack used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.

Through coordination with Google and Adobe, is investigating this malicious campaign, creating a patch for down-level versions of Windows. Patches for all versions of Windows are being thoroughly tested as well.

Another reason to update to Windows 10

Microsoft points out that users on Anniversary Update are fully protected from versions of this attack. With that in mind, they recommend that all customers upgrade to Windows 10, their most secure operating system built to this day.

Microsoft also provided the three objectives in order for STRONTIUM' attack to be successful:

  • Exploit Flash to gain control of the browser process
  • Elevate privileges in order to escape the browser sandbox
  • Install a backdoor to provide access to the victim's computer

Microsoft assures that it has several threat prevention and exploit mitigation features at their disposal to counter these steps.

Special mention goes to Windows Defender Advanced Threat Protection (ATP) as users that enable can detect STRONTIUM's attempted attacks. Multiple behavioral and machine learning detection rules and up-to-date threat intelligence detect multiple stages of the attack.


One noticeable bit from the post is Microsoft's dissatisfaction with Google's handling of the situation, disclosing the vulnerabilities before patching. Microsoft believes that the customers are put first, hence arguing that Google's decision is “disappointing, and puts customers at increased risk.”

STRONTIUM, also known as Fancy Bears or APT 28, is a well-known name in the cyber world. They were accused by USA of being responsible for recent political cyber attacks, working for Russia's military intelligence agency. Microsoft states that it has attributed more 0-day exploits to STRONTIUM than any other tracked group in 2016.

Sead Fadilpasic
Sead Fadilpasichttp://journalancer.com/
Sead is a former Al Jazeera journalist who shares his passion for technology on various tech media outlets. Formerly a heavy gamer (semi-professional Warcraft 3 gosu), he now enjoys reviewing software and churning out words about the latest tech-news. He holds a college degree in Journalism and likes to annoy his neighbors by playing one of his three electric and two acoustic guitars.

Recent News