You are here

Microsoft says hacking group targeted Windows, Adobe Flash

40222164 - 17_10_2016 - MICROSOFT-RESULTS_.jpg
Microsoft Corp said a computer-hacking group that has previously targeted government agencies attacked its Windows software and Adobe Systems Inc's Flash program.

[SEATTLE] Microsoft Corp said a computer-hacking group that has previously targeted government agencies attacked its Windows software and Adobe Systems Inc's Flash program.

The company will release a security patch for its operating system on Nov 8, Windows chief Terry Myerson said Tuesday in a blog post on Microsoft's website. Users of Microsoft's Edge browser on the latest update to Windows 10 are protected from the flaw, the company said.

The security exploit, by a group Microsoft calls Strontium, was discovered by Google's Threat Analysis Group and announced on Monday. The attacks, which sought to take control of a user's computer, took advantage of so-called zero-day flaws, or security holes that are unknown to the product's vendor and therefore no patch has yet been developed.

"Strontium is an activity group that usually targets government agencies, diplomatic institutions, and military organisations, as well as affiliated private sector organisations such as defence contractors and public policy research institutes," according to the Microsoft blog.

sentifi.com

Market voices on:

"Microsoft has attributed more zero-day exploits to Strontium than any other tracked group in 2016."

The group is also known as Fancy Bear and APT 28 and has been previously linked to the Russian government and US political hacks, Reuters reported.

Google's Disclosure

In a blog post on Monday, Google said it reported the issue to Adobe and Microsoft on Oct 21, and Adobe updated Flash five days later. The Internet-search giant, a unit of Alphabet Inc, said its policy is to disclose actively exploited security vulnerabilities after seven days.

Still, Microsoft expressed displeasure with Google for announcing the hack before a patch for Windows was available.

"Responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure," Mr Myerson wrote in the blog.

"Google's decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk."

BLOOMBERG

Powered by GET.comGetCom