The security experts at Google have struck again. After you have detected a flaw zero day actively exploited by hackers in Windows, they finally make it public this October 31, because Microsoft had failed to correct it in seven days. The firm of Redmond’s displeasure is most ardent. the ” The decision of Google to disclose such information before the patches are tested and made widely available is disappointing and makes bring to the clients a greater risk “, accuses Terry Myerson, the executive vice-president of Windows in a post on an official blog dedicated to safety. This latter has also revealed that the breach affects versions going from Vista to Windows 10 Anniversary Update.
For its part, Google says that the flaw is ” serious “ and already ” actively exploited “, which required the reveal soon to the public at large, in accordance with the rules that follows his team since 2013.
This is not the first time that the two companies are squabbling about vulnerabilities. In 2015 already, the hackers, the Project Zero of Google had released details around a critical flaw in Windows 8… which had provoked the wrath of Microsoft.
The double vulnerability has been exploited by the group Strontium
But this time, there are actually emergency. Because the vulnerability that points the finger at Google, has already been used by a group of hackers especially trained to hack into government agencies and political institutions.
This group, that Microsoft christens Strontium (but that is also known under the name of APT 28 or Fancy Bear), working in a very professional manner, thanks to an explosive cocktail combining spear phishing (e-mail targeted vérolés) and in this case not less than two exploits taking advantage of vulnerabilities, zero-day, in other words, not yet “patched”.
The first, affecting the software Flash, which gave the hand on the internet browser. The second is that Microsoft has not corrected, allows them to bypass the browser’s security to take control of the machine. Do their remains then is to install a backdoor to access when they want to the computer without being noticed.
Adobe a secure Flash from the 26th of October last. For its part, Microsoft claims not to be able to correct the flaw before the 8 November. In the meantime, the company recommends its users to upgrade to Windows 10 Anniversary Update, whose security has been enhanced, and use Edge, its new web browser.
No comments:
Post a Comment