Google thread analysis group disclosed a major Windows bug publicly. Microsoft says Russian Hackers are using that unpatched bug to do phishing attacks.
Microsoft: Russian Hackers Are Using The Bug Disclosed By Google
As we all know, a few days ago Google threat analysis group disclosed a critical vulnerability in Windows in Google’s security blog and had also notified the bug to Microsoft 10 days before addressing the issue openly.
On return one of the Microsoft’s spokesperson said to VentureBeat “Today’s disclosure by Google puts customers at potential risk, We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection”
Microsoft said in a blog post that the bug Google had disclosed it to the public is being used by Russia-based Fancy Bear Group, which is also known as Strontium to conduct a low-value spear-phishing campaign.
Microsoft had officially said that the patch to protect Windows users from the newly discovered threat will be release on November 8th-the same day as the U.S presidential elections.
However, Google’s disclosure of this vulnerability before patches angered Microsoft, they called it “disappointing” and saying it “puts customer at increased risk” Terry Myerson, Executive vice president, Windows, and Devices group wrote “We believe responsible technology industry participation puts the customer first and requires coordinated vulnerability disclosure,”
Microsoft engineers are working to create a patch for this new vulnerability. However, you can take some precautions to avoid any kind of attack. You can update your Google Chrome and Adobe Flash and wait until Microsoft releases the patch to fix the issue.
For more details, you can read Microsoft’s official blog post.