Microsoft Warns of Windows Zero-Day Flaw Exploited by Russian Hackers

Microsoft on Tuesday confirmed that the allegedly Russian hacking group Strontium has launched a spear phishing campaign to exploit a recently discovered flaw in Windows 10.

The exploit for the recently disclosed flaw uses Adobe Flash to elevate privileges on a machine so that a browser sandbox can be bypassed. Once through, an attacker can install a backdoor on the system.

"Based on the analysis performed by the Windows Defender ATP Exploit research team and the Microsoft Security Response Center (MSRC), the vulnerability in Adobe Flash leveraged by STRONTIUM was found to be a use-after-free issue affecting ActionScript runtime code," wrote Terry Myerson, executive vice president for the Windows and Devices group at Microsoft, in a blog post.

Microsoft said those running Edge on the latest Windows 10 "Anniversary" update are protected from this flaw thanks to the increased sandbox protection capabilities. It is also working with Adobe to release a Windows patch for older versions of the OS sometime next week. On Adobe's end, the company said it had already patched the Flash flaw in its software.

Word that Strontium, the hacking group allegedly behind the recent U.S. Democratic e-mail hack and more 0-day exploit campaigns than any other group this year (according to Microsoft), was actively taking advantage of the unpatched flaw came just days after Google's Threat Analysis Group publicly disclosed the flaw on Monday.

In a security blog, Google described the flaw as "a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability."

Microsoft criticized Google for disclosing the flaw to the public just a week after Google's security team alerted Microsoft engineers to the issue, saying this did not give Microsoft adequate time to address it. "We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure," wrote Myerson. "Google's decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk."

According to Google, disclosing the flaw just seven days after alerting Microsoft was in line with its policy for alerting the public to actively exploited critical vulnerabilities. Google cited Microsoft's not issuing an advisory as a major reason for the disclosure.

As Microsoft works on a fix, the company is recommending that users who can do so upgrade to the latest version of Windows 10.

About the Author

Chris Paoli is the site producer for and

