Microsoft Says Russian Hackers Attacked Google-Reported Windows Zero Day

Russia-linked hackers exploited a previously unknown vulnerability in the Windows operating system Google disclosed before Microsoft had a patch ready.

Google on Oct. 31 said a critical vulnerability in a Windows kernel was being actively exploited, and that the announcement comes seven days after its discovery per its policy. Microsoft responded in a blog post Tuesday, and it was not thrilled.

“We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure. Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” Terry Myerson, Windows and Devices Group executive vice president, wrote in the post.

Microsoft also said the threat actor it calls Strontium, but also known as Fancy Bear or APT 28, used the flaw plus two Adobe Flash flaws to conduct “low-volume spear-phishing campaigns.” The group is linked to the Democratic National Committee email breaches and other recent cyber incidents at political organizations and think tanks. 

“STRONTIUM is an activity group that usually targets government agencies, diplomatic institutions and military organizations, as well as affiliated private sector organizations such as defense contractors and public policy research institutes,” the blog post said.

Microsoft said it is testing patches for release Nov. 8 and that customers should consider upgrading to Windows 10.