Microsoft gets hit by Windows hack from Russia

Microsoft recently stated that its Windows operating system was hit by a newly discovered flaw that had already been used in cyber attacks. The company claims these attacks come from the same group that was previously linked to the Russian government.

Badlock vulnerability

While a patch for this ‘flaw’ will be rolled out to Windows 10 users by November 8, the vulnerability was pointed out last week by Google, and Microsoft has since traced the attacks to a hacking group known as Strontium, which is more widely known as “Fancy Bear”.

The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability, reported Google.
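The mitigation Google credits above, Win32k lockdown, is something a defender can audit on a running Windows 10 machine. The following is an added example, not code from the article, Google or Microsoft; it assumes the ProcessMitigations module (Windows 10 1709 and later), an elevated session, and that Get-ProcessMitigation exposes the setting as SystemCall.DisableWin32kSystemCalls.

```powershell
# Added example (not from the article): report which running processes have
# the Win32k lockdown mitigation ("Disable Win32k system calls") applied.
# Assumes the ProcessMitigations module (Windows 10 1709+) and an elevated shell.

function Get-Win32kLockdownStatus {
    [CmdletBinding()]
    param(
        # Constructed default: the browser the article names as sandboxed.
        [string[]]$ProcessName = @('chrome')
    )
    foreach ($proc in Get-Process -Name $ProcessName -ErrorAction SilentlyContinue) {
        try {
            $m = Get-ProcessMitigation -Id $proc.Id -ErrorAction Stop
            [pscustomobject]@{
                Name           = $proc.ProcessName
                Id             = $proc.Id
                # ON means win32k.sys system calls are blocked for this process,
                # so a kernel bug reachable only through win32k cannot be used
                # as a sandbox escape from it.
                Win32kLockdown = $m.SystemCall.DisableWin32kSystemCalls
            }
        } catch {
            Write-Warning "Could not query mitigations for PID $($proc.Id): $_"
        }
    }
}

# Renderer processes should show ON; the main browser process, which needs
# GDI/USER to draw its window, legitimately shows OFF or NOTSET.
Get-Win32kLockdownStatus | Format-Table -AutoSize

# To opt a process image that never needs GDI/USER into the lockdown
# system-wide (placeholder binary name, not a real one):
# Set-ProcessMitigation -Name 'sandboxed-helper.exe' -Enable DisableWin32kSystemCalls
```

Processes that show OFF or NOTSET are the ones for which a win32k.sys flaw like the one described would still be reachable, which is where patch status matters most.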

This group was reportedly using phishing e-mails to get into user systems running Windows 10.

“Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” said Microsoft in a press statement.

They further added,

We have coordinated with Google and Adobe to investigate this malicious campaign and to create a patch for down-level versions of Windows. Along these lines, patches for all versions of Windows are now being tested by many industry participants, and we plan to release them publicly on the next Update Tuesday, Nov 8.

Interestingly enough, the scoop is that Fancy Bear primarily works for, or hand in hand with, the GRU, Russia’s military intelligence agency, which U.S. intelligence has concluded was responsible for hacks of Democratic Party databases and emails earlier this year. This could mean that the two nations are once again on the brink of cyber warfare.

The tech giant said that this new flaw was being exploited particularly through Adobe’s PC software as well as other parts of the Windows operating system. Google’s identification of the threat has effectively forced Microsoft to speed up the process. Google’s latest policy gives the affected firm 7 days to resolve the flaw before it faces penalties or a drop in rankings.

But Microsoft claims that the latest Windows 10 Anniversary Update is immune to the flaw thanks to improved security features in that update. For now, Windows users should ensure automatic updates are turned on for all Adobe software and for Windows itself.

A constant learner of gadgets, Ankit has been writing about technology and the internet, in general, for the past three years, and has written for several well-known media outlets.