Security Update for Windows Exploit Used Against Government Officials

Today, Microsoft will release a security update that patches a critical Windows zero-day vulnerability reported by Google weeks ago. The vulnerability affects all versions of Windows, from Vista to Windows 10.

Google has already disclosed the vulnerability, 10 days after reporting it to the vendor, as per their policy. They also reported a critical Flash bug, CVE-2016-7855, that was patched by Adobe five days later.

Microsoft reports that users of the Windows 10 Anniversary Update should be protected against the latest vulnerability. But those running older versions of Windows should patch their systems today to reduce the amount of time that an attacker has to exploit the flaw.

Zero-Days Used Against Political Groups & Politicians

According to a Microsoft blog, the group dubbed Strontium launched a spear-phishing campaign that used a combination of both the Flash and Windows zero-days to attack users.

The attackers exploited the Flash vulnerability to first gain control of the browser process, then elevate privileges in order to escape the browser sandbox (using the Windows 10 vulnerability), and finally install a backdoor to give themselves access to the victim’s computer.

This hacker group is also known as APT28 and Fancy Bear by other security firms. Ars Technica reported that Strontium is one of the two threat groups involved in the breach of the Democratic National Committee (DNC) earlier this summer, in addition to the attacks against Clinton campaign Chair John Podesta and former Secretary of State Colin Powell.

According to a CrowdStrike blog about their investigation into the DNC security breach, the Fancy Bear threat actor is known for registering domain names designed to look similar to their targets. Additionally, by spoofing web-based email web pages, they trick their victims into entering their credentials in order to gain access to their email accounts.

Preventative Measures to Protect Against Exploits

It’s possible to take action to reduce your exposure to these types of attacks, which take advantage of two key weaknesses found in almost any organization:

  1. Weak Authentication - It’s trivial for attackers to spoof a website, send a phishing email, and steal user credentials. Make it harder for them by implementing stronger access controls, like two-factor authentication that requires another way of verifying their identities in addition to a password.
  2. Unpatched and Legacy Systems - Once a vulnerability is disclosed, attackers can quickly write code that targets vulnerable operating systems and plugins, like Flash, to compromise your users’ devices. Using a comprehensive access security solution that checks your users’ devices for out-of-date software at login, and blocks them or prompts them to update, can ensure every device is healthy and trusted.
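To make the two measures above concrete, here is an added example (not Duo's code, and not part of the original post) of a login-time policy that first demands a second factor and then checks device health before granting access. The minimum Windows build and Flash version are assumptions used as placeholders, not values taken from the article; substitute your own patch baseline.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed thresholds (placeholders): the Windows 10 Anniversary Update build and
# the first Flash release assumed to close CVE-2016-7855. Set these to your own baseline.
MIN_WINDOWS_BUILD = 14393
MIN_FLASH_VERSION = (23, 0, 0, 205)


@dataclass
class LoginAttempt:
    password_ok: bool          # primary credential accepted
    second_factor_ok: bool     # push/OTP/hardware token verified
    windows_build: int         # OS build reported by the device at login
    flash_version: Optional[str]  # None when the plugin is not installed


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '23.0.0.205' into a comparable tuple; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in text.split("."))


def evaluate(attempt: LoginAttempt) -> Tuple[str, List[str]]:
    """Return ('allow' | 'deny', reasons). Identity is checked before device health."""
    if not attempt.password_ok:
        return "deny", ["password rejected"]
    if not attempt.second_factor_ok:
        # A phished password alone must never be enough to get in.
        return "deny", ["second factor required"]

    remediation: List[str] = []
    if attempt.windows_build < MIN_WINDOWS_BUILD:
        remediation.append(
            f"Windows build {attempt.windows_build} is below {MIN_WINDOWS_BUILD}: "
            "install the latest Windows security update")
    if attempt.flash_version is not None \
            and parse_version(attempt.flash_version) < MIN_FLASH_VERSION:
        remediation.append(
            f"Flash {attempt.flash_version} is vulnerable: update or remove Flash")

    # Any unmet health requirement blocks access and tells the user what to fix.
    return ("deny" if remediation else "allow"), remediation


if __name__ == "__main__":
    # Constructed sample: correct password and 2FA, but an outdated OS and plugin.
    print(evaluate(LoginAttempt(True, True, 10586, "23.0.0.185")))
```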

2016 Duo Trusted Access Report: Microsoft Edition

This approach, known as Trusted Access, verifies users’ identities and checks the security health of their devices before granting them secure access to applications.

Over half of devices used to log into enterprise applications were running an old operating system version, Windows 7, potentially putting them at risk of vulnerabilities that can be exploited to steal passwords and compromise systems.

See more statistics like these and get our security recommendations by downloading The 2016 Duo Trusted Access Report: Microsoft Edition.

It’s a 28-page data analysis providing a closer look at the security health of devices running Microsoft software and accessing Microsoft applications.

Thu Pham

Information Security Journalist

@Thu_Duo

Thu Pham covers current events in the tech industry with a focus on information security. Prior to joining Duo, Thu covered security and compliance for the infrastructure as a service (IaaS) industry at Online Tech. Based in Ann Arbor, Michigan, she earned her BS in Journalism from Central Michigan University.