The u.s. group Microsoft warned Tuesday that a vulnerability in its Windows software, recently exposed by its rival Google, was exploited by hackers suspected of having carried out attacks against political institutions in the united states. The group of pirates, that Microsoft calls “Strontium”, has launched a campaign of phishing attacks aimed at specific targets, including government agencies or diplomatic institutions and military, writes Terry Myerson, corporate vice president of Microsoft support including Windows, on a official blog of the group.
Microsoft describes Strontium as having the characteristics of the groups of pirates with the backing of a State, without specifying which. This group, which has also been dubbed as a series of other names, is, however, generally described by the experts in cyber security as a operation of hacking sophisticated with ties to Russia. In particular, it is suspected of piracy having referred recently to the servers of the democratic party. The direction of american intelligence (ODNI) had denounced at the beginning of the month an attempt of Moscow”to interfere in the electoral process, american.” The Kremlin had responded by calling these accusations “rubbish”.
In this case, the attackers combine their attacks, phishing, exploitation of security holes in Windows and in Flash, an Adobe software, to install backdoors on computers in order to be able to then get in their way. Phishing is to send personalized e-mails, and seeming to emanate from an official body in order to incite the recipient to click on a link or an attachment, and to retrieve confidential information.
This is not Microsoft itself, but researchers from Google who had made these vulnerabilities public on Monday, describing them as “particularly serious” and that “they are actively exploited”. Terry Myerson has, however, criticised the fact that his rival did not wait for the problem to be solved. “Google’s decision to reveal these flaws before patches are widely available and tested is disappointing, and carries an increased risk to consumers”, he says.
Google had argued that it had given seven days to Microsoft to fix the problem before you make it public: he says he informed Microsoft, and Adobe its discovery as early as 21 October. An update of Flash has been made 5 days later. Microsoft says on Tuesday that its own security patches are in testing phase and should be the subject of an update to the 8 November. Terry Myerson provides, however, that the users using the browser Edge and the latest version of Windows 10 should not be vulnerable.
No comments:
Post a Comment