Microsoft: Russian hackers behind Windows flaw
Microsoft plans to release a fix on 8 November, but is left disgruntled after Google publicly exposed the flaw
Microsoft has confirmed that it discovered a security flaw in its operating system, to which it believes a Russian hacking group is to blame.
In a blog post, Microsoft said it plans to release the fix on 8 November as part of its normal patch cycle. However the company also revealed that the hacking group, known as Strontium, as well as Fancy Bear and APT 28, was behind the small number of attacks, which relied on spear phishing emails.
The statement said: "Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign. Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild. This attack campaign, originally identified by Google's Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.
"We have coordinated with Google and Adobe to investigate this malicious campaign and to create a patch for down-level versions of Windows. Along these lines, patches for all versions of Windows are now being tested by many industry participants, and we plan to release them publicly on the next Update Tuesday, Nov 8."
As the statement states, Google was first to reveal the flaw which has now resulted in friction between the two companies. Google has said it gave Microsoft 10 days to fix the flaw but as Microsoft did not, Google went public with the bug and called it critical.