Windows bug exploited by hackers tied to Russia

CNN drops the ball, better check up on their lack of reporting/sensationalism/Russia war drum beating before sounding any alarms here.

The group, which was previously tied to Russia's best intelligence agency by other cybersecurity firms, were exploiting a bug recently discovered by Google, Microsoft said.
If you follow the 'said' link it goes here:
https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/

Of which does not mention Russia less a citation to https://www2.fireeye.com/apt28.html which again does not tie Russia to this and is largely irrelevant to today's discussion. Do a search in the PDF and see for yourself.

Microsoft said the bug was never effective in its Windows 10 Anniversary Update, which launched in August, due to security enhancements.

Google gave MS 7 days to patch Adobe (Not that they even could - not their source code), Adobe did it in 5.

It wasn't a MS bug, either.. it's ANOTHER Adobe Flash issue - and it's been patched/mitigated for some time... so same old story.. people using outdated and unpatched software and IE/Edge are vulnerable... gee, who wooda thunk it?

Also, when CNN writes:
Adobe addressed the bug with an update to its Adobe Flash Player on October 26, five days after it was first notified by Google. Microsoft, however, had yet to issue a fix, so Google (GOOG) went public with the bug on Monday.

So why the F*** does CNN think MS is responsible for Adobe software? Freaking retards. Also, why would MS issue a patch when the following is true (In the same freaking article BTW):
Microsoft said the bug was never effective in its Windows 10 Anniversary Update, which launched in August

That sounds more or less like a 'patch' in August, so wtf is CNN talking about?

This is a fluff piece based on nothing, written by someone that knows dick about squat. Sara Ashley O'Brien should stick with what she knows, which is Business startups and the money side of things.. leave the tech stuff to others.
 
More info on the bug from a more reliable source:
http://thehackernews.com/2016/11/windows-zeroday-exploit.html
 
They keep calling it a "Windows Bug" - yet, it's an Adobe Flash bug in the beginning which allows machine code execution. Without Flash, arbitrary remote code execution of the/any exploit is not possible. The 'bug' in Windows could be implemented in something like an executable, however, which is where Microsoft needs to patch (and the hubbub with MS).

So to be clear:
The vulnerability affects Windows, Linux and Mac desktop versions of Flash 23.0.0.185 and earlier, as well as Flash Player for Google Chrome, and Microsoft Edge and Internet Explorer on Windows 10 and 8.1.
https://threatpost.com/adobe-patches-flash-zero-day-under-attack/121567/

Adobe said the flaw is a use-after-free vulnerability, and that users should update to version 23.0.0.205 on all platforms. Use-after-free vulnerabilities are memory corruption issues that expose systems to code execution.


So, no, it IS an "everyone bug" due to privileged code execution due to Adobe Flash. It looks like the exploit being run by Adobe is likely just another Atom Bomb (old hat stuff):

while on Linux and (possibly) OSX the code execution could be using the Dirty Cow exploit:


So, I see where MS is coming from in the sense that you must have the Adobe Flash vulnerability to run the exploit - since that's been patched, the problem is largely mitigated and they can 'take their time' patching and testing said patch dealing with win32k.sys system call to NTSetWindowLongPtr() as detailed here:
http://thehackernews.com/2016/10/google-windows-zero-day.html

That being said, the actual STRONTIUM exploit dealing with win32k.sys IS being detected generally with Windows Defender(!) ATP already (and has been for some time) - it was the arbitrary code execution within Adobe Flash that allowed it to go unnoticed and fly under the radar since Flash, by its nature, is trusted to call screen draw commands via Sys32 calls. So, it has been largely mitigated by MS unless another 3rd party (e.g., Adobe) hack is found that can execute machine code AND be 'trusted' by Defender/AV.

Whew!
 
Microsoft have an answer for everything....
Yeah, they do, and it's usually a stupid answer. Like when people were saying, "I don't like Windows Vista." The Microsoft answer for that was essentially, "Yes you do, it's better!"
 
The problem is users see the Adobe Flash update, and 3 out of 4 will close it and not update Flash or Java. There lies the problem: most systems I get have outdated Flash. I ask the customer, "Why don't you let it update?" They say they are not sure if it was safe and just hit the X and cancel them.
 
Part of the MS side of it may be on Windows 10, which I believe now bundles Flash in some way similar to what Chrome was doing - but I haven't paid a lot of attention to it.
 