Russia Accused of Targeting Microsoft with Zero-Day Exploit

Google publicly revealed the existence of two zero-day flaws, or security holes, in Adobe Flash and the Microsoft Windows operating system that allow attackers to take control of a user’s computer. Adobe has since patched its security hole. Microsoft attributed the exploited vulnerability to the hacker group popularly known as Fancy Bear—the Russian military intelligence-affiliated group responsible for a number of recent breaches, including the DNC earlier this year. Microsoft has suggested that it will patch the vulnerabilities on November 8, U.S. Election day.
The Cipher Take: Zero-day exploits are previously unknown vulnerabilities in software’s source code—they are quite rare and require a great deal of effort and resources to exploit via custom-built code. Google raised controversy by announcing the flaw publicly only 10 days after giving initial private notice to Microsoft. By doing so without a viable patch yet available drew attention to the problem, allowing for further exploitation.


No comments :