Microsoft Says Russian Hackers Exploiting Newly Found Windows Vulnerabilities

A Russian group called STRONTIUM is identified as the one behind the attacks. Microsoft is responding with plans to release patches next week, on November 8th.


In a guest blog post, Terry Myerson, Executive Vice President of the Windows and Devices Group, explained that the hackers conducted a low-volume spear-phishing campaign. First spotted by Google's Threat Analysis Group, the attack chained two zero-day vulnerabilities, one in Adobe Flash and one in the down-level Windows kernel, to target a specific set of customers.

Through coordination with Google and Adobe, Microsoft is investigating this malicious campaign and creating a patch for down-level versions of Windows. Patches for all versions of Windows are being thoroughly tested as well.

Another reason to update to Windows 10

Microsoft points out that users on the Windows 10 Anniversary Update are fully protected from the versions of this attack seen so far. With that in mind, it recommends that all customers upgrade to Windows 10, which it calls its most secure operating system built to this day.

Microsoft also laid out the three objectives that STRONTIUM's attack must achieve in order to succeed:

  • Exploit Flash to gain control of the browser process
  • Elevate privileges in order to escape the browser sandbox
  • Install a backdoor to provide access to the victim's computer

Microsoft assures that it has several threat prevention and exploit mitigation features at its disposal to counter each of these steps.

Special mention goes to Windows Defender Advanced Threat Protection (ATP): users that enable it can detect STRONTIUM's attempted attacks, since multiple behavioral detection rules and up-to-date threat intelligence flag several stages of the attack chain.


One noticeable bit from the post is Microsoft's dissatisfaction with Google's handling of the situation, namely disclosing the vulnerabilities before patches were available. Microsoft believes that customers should be put first, and argues that Google's decision is “disappointing, and puts customers at increased risk.”

STRONTIUM, also known as Fancy Bear or APT28, is a well-known name in the cyber world. The group has been accused by the United States of being responsible for recent political cyber attacks and of working for Russia's military intelligence agency. Microsoft states that it has attributed more zero-day exploits to STRONTIUM than to any other tracked group in 2016.