Microsoft and Google are at loggerheads over 0-day vulnerabilities which the latter disclosed to the public before the former could issue a fix for them. To make matters worse, it appears the group behind the attacks is the same group of Russian hackers who attacked the Democratic National Committee (DNC) servers recently.
In a blog post, Google stated that it had alerted Microsoft and Adobe to the 0-day exploits on October 21. Following this, Adobe issued an update to Flash on October 26 to patch the problem. In accordance with its 7-day policy for actively exploited critical vulnerabilities, Google chose to make the remaining unpatched Windows issue public.
Google believes this security hole is particularly serious because the company knows that it is being actively exploited. Microsoft has come down hard on Google for this disclosure, stating that its move to expose the problem before patches are broadly available and tested is disappointing and puts customers at increased risk.
Microsoft said so in a blog post of its own. It believes a group called Strontium is behind the threat, conducting a low-volume spear-phishing campaign that uses fraudulent emails to reel in victims and gain backdoor access to their computers. The tech giant claims it's in the process of testing a patch for all versions of Windows, which will be released to the public on November 8.
Microsoft claims users who have activated Windows Defender Advanced Threat Protection (ATP) will be able to detect Strontium attacks. The group commonly targets diplomatic institutions, defense contractors, government agencies, public policy research institutes, and military organizations.
Reuters has now pointed out that Strontium, popularly known as Fancy Bear or APT 28, primarily works for Russia’s military intelligence agency GRU. US intelligence officials blame the GRU for the recent spate of attacks on the DNC databases and emails.