Microsoft links Windows flaw to Russian hackers

Microsoft acknowledged the problem, saying only that it affected older versions of Windows.

By: Tech Desk | Published: November 2, 2016 10:40 am

Microsoft says a newly discovered flaw in its Windows software was used by a hacking group that other researchers have linked to Russia’s government and computer intrusions at the Democratic National Committee. The flaw was detected by researchers at Google, who recently alerted software makers Microsoft and Adobe Systems about vulnerabilities in their programs. Adobe issued a fix for its software last week. Microsoft says it’s testing a patch and will release it next week. Microsoft acknowledged the problem, saying only that it affected older versions of Windows and was used by a group called Strontium to target “a specific set of customers.”

The security firm Crowdstrike and others have linked Strontium, also known as “Fancy Bear,” to recent attacks on government, media and political targets in several countries.

Google, in a blog post, said the 0-day vulnerability in Windows is pretty serious. VentureBeat quoted a Microsoft spokesperson who told the site that the disclosure puts users at risk. “We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk,” the spokesperson told the site.

Neel Mehta and Billy Leonard of Google’s Threat Analysis Group explained that the Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. “It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability,” they said.
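As an added example (not from the article, Google or Microsoft), the following PowerShell reports whether running processes carry the Win32k lockdown mitigation that the researchers credit with blocking this escape in Chrome's sandbox. It assumes Windows 10 version 1709 or later, where the ProcessMitigations module provides Get-ProcessMitigation, and the process-name list is a constructed default.

```powershell
# Added example, not code from the article or from Microsoft/Google.
# Lists, per process, the state of the Win32k lockdown mitigation
# (DisableWin32kSystemCalls), which blocks win32k.sys system calls such as
# NtSetWindowLongPtr from inside a sandboxed process.
# Assumes Windows 10 1709+ (ProcessMitigations module); run elevated to
# inspect processes owned by other users.
param(
    [string[]]$ProcessNames = @('chrome.exe')   # constructed default list
)

foreach ($name in $ProcessNames) {
    # Get-Process takes the image name without the .exe suffix
    $procs = Get-Process -Name ($name -replace '\.exe$', '') -ErrorAction SilentlyContinue
    if (-not $procs) {
        Write-Warning "$name is not running"
        continue
    }
    foreach ($p in $procs) {
        try {
            $policy = Get-ProcessMitigation -Id $p.Id
            $state  = $policy.SystemCall.DisableWin32kSystemCalls   # ON / OFF / NOTSET
        } catch {
            $state = "ERROR: $($_.Exception.Message)"
        }
        [pscustomobject]@{
            Process        = $name
            PID            = $p.Id
            Win32kLockdown = $state
        }
    }
}
```

Expect ON only on the sandboxed renderer processes; the browser process itself still needs win32k access to draw its UI, so a mixed result for chrome.exe is normal.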