Microsoft blames Russia-linked hackers for recent email hack attacks on Windows
The Californian computing giant said on Tuesday that it plans to issue a patch to fix the issue on November 8.
The problem had first been brought to light by Google, who went public with news of the vulnerability after Microsoft failed to patch it within ten days of being informed about it.
Google didn't give Microsoft its usual 60-day timeframe for fixing because it said it saw evidence that the vulnerability was being actively exploited. Google didn't say by whom, but Microsoft has now shed light on that - with company exec Terry Myerson pointing the finger at Strontium, a Russian government-linked hacking group also known as Fancy Bear or APT 28.
The exploit relied on vulnerabilities in both Windows and Adobe's Flash software, and was spread using spear-phishing - spoofed emails crafted to trick users into clicking on links or downloading files.
If successful, the attacker would "exploit Flash to gain control of the browser process ... elevate privileges in order to escape the browser sandbox," and then finally "install a backdoor to provide access to the victim's computer."
The news comes after American intelligence officials accused Russian spies of hacking into the emails and systems of Democratic Party officials in an apparent attempt to undermine the legitimacy of next week's Presidential election. Some email accounts have been compromised by spear-phishing attacks by Fancy Bear/Strontium - although it's not immediately clear if the vulnerability disclosed by Google was used for this.
Microsoft has not revealed the targets of the attack, but it does say the attacks were "low volume," and discusses Strontium's focus on political targets in its blog post.
"STRONTIUM is an activity group that usually targets government agencies, diplomatic institutions, and military organizations, as well as affiliated private sector organizations such as defense contractors and public policy research institutes," it wrote.
"Microsoft has attributed more 0-day exploits to STRONTIUM than any other tracked group in 2016. STRONTIUM frequently uses compromised e-mail accounts from one victim to send malicious e-mails to a second victim and will persistently pursue specific targets for months until they are successful in compromising the victims' computer. Once inside, STRONTIUM moves laterally throughout the victim network, entrenches itself as deeply as possible to guarantee persistent access, and steals sensitive information."
Microsoft had sharply rebuked Google for its public disclosure before it could issue a fix. "We believe in coordinated vulnerability disclosure, and today's disclosure by Google could put customers at potential risk," a spokesperson said.