David Jones wrote:Microsoft earlier this week said it had fallen victim to "Strontium," its code name for the Russian hacking group also known as "Fancy Bear," which has been linked to recent attacks on Democratic Party systems.
The group launched a spear phishing attack that targeted vulnerabilities in both the Windows operating system and Adobe Flash, according to Terry Myerson, executive vice president of Microsoft's Windows and Devices Group.
The attack, first identified by Google's Threat Analysis Group, involved two zero-day vulnerabilities in Flash and the down level Windows kernel, he explained. It used the Flash exploit to gain control over browsers, elevate privileges to escape the browser sandbox and install a backdoor to gain access to a user's computer.
Microsoft is working with Google and Adobe on a patch and plans to release the fix by Nov. 8, when the next update is scheduled, Myerson said.
Read more: http://www.technewsworld.com/story/84059.html