Windows zero-day exploited by same group behind DNC hack
Source: Ars Technica
Microsoft threat teams tied use of bug to APT28, aka "Fancy Bear"
SEAN GALLAGHER - 11/1/2016, 8:50 PM
On Oct. 31, Google's Threat Analysis Group revealed a vulnerability in most versions of Windows that is actively being exploited by malware attacks.
Today, Terry Myerson, executive vice president of Microsoft's Windows and Devices group, acknowledged the exploit was being used actively by a sophisticated threat group: the same threat group involved in the hacks that led to the breach of data from the Democratic National Committee and the Clinton campaign. And while a patch is on the way for the vulnerability, he encouraged customers to upgrade to Windows 10 for protection from further advanced threats.
Myerson wrote:
Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign. Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild. This attack campaign, originally identified by Google's Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.
Microsoft customers using Windows 10 with Windows Defender Advanced Threat Detection are already protected against the zero-day, Myerson noted, because the software "will detect STRONTIUM's attempted attacks thanks to ATP's generic behavior detection analytics and up-to-date threat intelligence."
-snip-
Read more:
http://arstechnica.com/security/2016/11/windows-zero-day-exploited-by-same-group-behind-dnc-hack/