Microsoft Says Russia-Linked Hackers Are Exploiting Newly Discovered Flaw In Windows OS

An anonymous reader quotes a report from Reuters: Microsoft Corp said on Tuesday that a hacking group previously linked to the Russian government and U.S. political hacks is behind recent cyber attacks that exploit a newly discovered flaw in its Windows operating system. Microsoft said that a patch to defend Windows users against this sort of attack will be released on Nov. 8. The software maker said in an advisory on its website there had been a small number of attacks using "spear phishing" emails from a hacking group known Strontium, which is more widely known as "Fancy Bear" or APT 28. A U.S. intelligence expert on Russian cyber activity said that Fancy Bear primarily works for or on behalf of the GRU, Russia's military intelligence agency, which U.S. intelligence officials have concluded were responsible for hacks of Democratic Party databases and emails. Microsoft said the attacks exploited a vulnerability in Adobe Systems Inc's Flash software and one in the Windows operating system. Adobe released a patch for that vulnerability on Monday as security researchers with Google went public with details on the attack.

Release it sooner?

[mcolgin]

I know that's a crazy idea, but why wait? Get that shit fixed!

Re:

[darkain]

Welcome to "Patch Tuesday" syndrome, horribly amplified by the fact they're now doing a unified single update per month of everything all rolled up into one. You get an all-or-nothing patching system, regardless of how much it fucks up your computer in the process!

Re:

[techno-vampire]

If we didn't know it already, here's proof that to Microsoft, sticking to a monthly patch schedule is more important than keeping their customer's computers safe. And, when it comes down to it, why should they do it differently, when we all know that there are millions of people out there shelling out good money for the Latest and Greatest version of every Microsoft product, even when they know that bugs and vulnerabilities won't be patched in a prompt and timely manner. Say what you want about Linux not

"Fixed" is not the subject. Defects make money.

[Futurepower(R)]

Microsoft makes more money if defects are found in Windows. The defects make people and organizations feel it is necessary to buy a newer version.

Microsoft management apparently thinks, "Why release good software when defects make money?"

There should be government regulations preventing abuse of computer software customers. We shouldn't be forced to install all fixes offered, for example.

We need an open-source operating system that can run all Windows software. (Using Linux requires re-training eve

Re:

[zlives]

Nov. 8th: because only after all efforts to manipulate elections have been completed.

Re:

[Atzanteol]

Some people like to test their fixes a bit before releasing them to production systems.

Re:

[crimson tsunami]

But do any of those people work for Microsoft?

Re:

[crimson tsunami]

Such a coincidence that the patch will be ready and fully tested on a certain date.
Windows complexity is perfectly balanced around some magic Tuesday.

Re:

[epyT-R]

Why are these hosts even on the public network in the first place?

Zee Germans!

[geek]

Is it just me or is everything linked to fucking Russians these days? Reminds of of the old chant "Zee Germans are coming!"

Re:

[Mass Overkiller]

People are getting bored with ISIS this and that so now back to the 60's with Zee Commies!

Re:

[unixisc]

Actually, you can extend that to cover Slavs - any Slavs that the Western political establishment doesn't like. Like it's okay to dump on the Russians, Serbs, Romanians, Bulgarians, Belarussians and any Slavic group perceived to be anti-Muslim.

Re:

[Zontar The Mindless]

Romanians aren't Slavs. And both Romania and Bulgaria are EU members. Serbia's a candidate member.

Orthodox Christians

[Latent Heat]

Actually before the recent resurgence of "political Islam", before Arab states opposed Israel (which defacto allied Arab Muslims and Christians, unlike what is happening now), well before the madness of WW-II, Jews experienced persecution at the hands of Orthodox Christians in Russia. It's the Fiddler-on-the-Roof thing; the Russian-refugee experience is the family history of many persons of Jewish heritage here in America.

It is a point of divergence between Israel, which if not having friendlier relatio

Re:

[FilatovEV]

[W]ell before the madness of WW-II, Jews experienced persecution at the hands of Orthodox Christians in Russia. It's the Fiddler-on-the-Roof thing; the Russian-refugee experience is the family history of many persons of Jewish heritage here in America.

To the extent that Jewish persons seek to influence policy in a way informed by life experience and family history, along with everyone else, Jews in America may have a somewhat different perspective on Russia and other Orthodox Christian countries than Israelis.

You do recognize that persecution of Jews in Russia happened before the October revolution of 1917, right? You do recognize that repressions against Jews were a major reason why many Jews sought to support and lead the October revolution, right? You do know those events had very dramatic effects.

...dude, I don't think you should let ancient life stories affect modern-day policies.

Re:

[unixisc]

...dude, I don't think you should let ancient life stories affect modern-day policies.

Tell that to the Muslims - not just in the Mid East, but all over the world

Re:

[FilatovEV]

...dude, I don't think you should let ancient life stories affect modern-day policies.

Tell that to the Muslims - not just in the Mid East, but all over the world

Haha, that's why I'm talking to you and not to them.

Re:

[unixisc]

Actually before the recent resurgence of "political Islam", before Arab states opposed Israel (which defacto allied Arab Muslims and Christians, unlike what is happening now), well before the madness of WW-II, Jews experienced persecution at the hands of Orthodox Christians in Russia. It's the Fiddler-on-the-Roof thing; the Russian-refugee experience is the family history of many persons of Jewish heritage here in America.

Quite true. However, that persecution dates back to Tsarist Russia, but it's not true about Russia today. Also, while the Soviets blocked Jews from emigrating to Israel, Russia (since 1991) has had no issues w/ that.

One quibble - 'Political Islam' is nothing but Islam itself: that religion is a geopolitical ideological cult masquerading as a religion. The Islamic calendar - the Hejira (sp?) starts w/ Mohammed becoming the ruler of Medina. The Qur'an is replete w/ hateful rhetoric against not just heat

Re:

[unixisc]

One more thing I should add - when the West recognized Kosovo's secession from Serbia, Israel declined to join the crowd. They know that the Islamic tendencies of Muslims would sooner or later lead to them backing their Muslim comrades in the Mid East against Israel. Similarly, Israel declined to support the US when they bombed Serbia in 1998, knowing what it entails

Israel and Slavic Countries

[Latent Heat]

It was a friend, an intellectual with knowledge of my heritage, whose own family heritage is that of the Jewish experience in Ukraine from Tsarist times, who made me aware of the situation with Israel, Serbia, and the Kosovo War.

There are so few "Great Russians" in the US, or at least until very recently, that the only connection Americans have had with Russia is through families whose ancestors were refugees from the persecutions of Jews in pre-Revolutionary Russia.

What you say about Israel and Russia

Re:

[amiga3D]

It's always someone. It seems we've always been at war with East Asia.

Re: Zee Germans!

[Type44Q]

We've always been at war with Microsoft.

Re:

[phantomfive]

Democrats need a bogeyman to make you afraid so you'll vote for them. Grew up during the Cold War and this tactic was used all the time.

I was about to assert that it was the Republicans who used this tactic in the old days, but now that I think of it, this was made by a democratic candidate [youtube.com].

Troll

[s.petry]

Simple statement to recognize a troll: "Remember, unfettered Capitalism is Fascism." which simply means you do not know what Capitalism is. No point reading after that piece of ignorance.

Re:

[Anonymous Coward]

Possibly in part because Russia threatens (And regularly delivers) to expose the widespread computer illiteracy of American officials.

Re:

[rholtzjr]

ZOMG, dang ruskies!!!

Seriously, while it may be them, doesn't it seem that ALL flaws recently point to them exploiting. Heck, I would not be surprised if someone in China OR the NSA is saying "Watch this, we can make them think the Russians did it".

Re:

[Anonymous Coward]

What do you mean "everything"? It's always the same damn thing. Do you mean you hear the word "Russia" a lot? Blame dumbass Trump.

Re:

[Maltheus]

It's called propaganda. The people are becoming too uppity on both sides of the aisle. Time to remind America why they need Washington.

Re:

[bongey]

No just BeauHD shilling for Hillary on ./. His twitter feed, "Trump is a saggy sack of shit. If any one of you is even remotely considering voting for him this November, please unfollow me. "
Fucks sakes he posted a Trump bashing tech article the other day from SLATE, WTF?

Re:

[bongey]

More from Hillary Shill BeauHD "That sack of shit next to Hillary is attracting flies! #debate"
"Clinton wiped the floor with Trump tonight. Say hello to your next president, America!"
" It's only a story because it has the 'Trump' buzzword. Stupid media is stupid."
"I bet Trump hired the climber for publicity."

Re:

[syntotic]

You can bring in more Africans and Indians if you so wish, though it looks like Orientals are no longer so willing to come to the USA. I wonder why? Maybe something Made in China reason? Or scared of finding people angry because the abandoned the Nintendo DS platform at the height of its capabilities? Who knows.

Re:

[Agripa]

We have always been at war with Eastasia.

I don't know who to blame.

[freeze128]

Should I be angry at Adobe for having a crappy flash API, or should I be angry at Microsoft for providing Adobe Flash BY DEFAULT in Windows 10?

Re:

[Nehmo]

You should be angry at Microsoft for providing WIndows 10 BY DEFAULT

But I gotta run Windows. That's the OS my cracked programs run on.

Re:

[Anonymous Coward]

Time for MS to follow firefoxs lead. Click to view flash.

Re:

[Rakarra]

Time for MS to follow firefoxs lead. Click to view flash.

But the problem is that no one is going to click to view a flash ad. Or click to view a flash tracking cookie.

Re:

[Bing Tsher E]

And that's a problem for whom??

Re:

[Rakarra]

And that's a problem for whom??

For most of the major moneyed stakeholders.

Also, for the advertisers who keep these sites running.

Re:

[ItsJustAPseudonym]

Yes.

Re:

[freeze128]

Where were you looking? Open Control Panel and you find a Flashplayer applet icon.

This [adobe.com] page says that Flash player is integrated in IE in Windows 10.

Re:

[Trailer Trash]

You should blame Donald Trump for hiring the Russians to do that using his secret server that connects directly to the Russian bank that something or other.

hey ms...

[Anonymous Coward]

...how 'bout "FIX YOUR SHIT" instead doing press and/or blaming the russians for everything from hairloss to sunspots?!

Russia linked?

[dunkelfalke]

Like librussia.so?

Re:

[hey!]

Like librussia.dll?

There. Fixed that for you.

Re:

[dunkelfalke]

Windows DLLs don't usually have the lib prefix. Just saying.

Anonymous Intelligence

[Dunbal]

Russia's military intelligence agency, which U.S. intelligence officials have concluded were responsible for hacks of Democratic Party databases and emails.

Which intelligence agencies would those be? Because the FBI has specifically denied [cnn.com] this. Of course you could just be shilling for Hillary the liar.

Re:

[Archangel Michael]

I've heard it wasn't Russians at all, but US Intel agencies that leaked it, because they (the low level agents) hated the idea of Clinton Presidency, especially once they saw the writing on the wall about the Comey investigation not going after Clinton.

Granted, that is speculation and unnamed sources. But that seems to be all that is needed these days.

Re:

[K. S. Kyosuke]

Granted, that is speculation and unnamed sources. But that seems to be all that is needed these days.

You mean your comment? Yes, that would make sense. But the fact that Russians love Trump for some weird reason [bbc.com] is well known.

Re:

[K. S. Kyosuke]

Yes, the Russians, who want to start a war, love him for that. But you can't be serious to claim that Sanders et al. were "itching to start a war". Besides, why did you guys elect Bush if this is suddenly a no-no for you?

Re:

[Maritz]

why did you guys elect Bush if this is suddenly a no-no for you?

They knew Bush would never pick a fight with anyone capable of fighting back.

It's easy to be a hawk when you're only looking at little chickens.

Re:

[Maritz]

They love Trump because he's the only candidate who isn't itching to start a war.

They love Trump because he would effectively be decapitation strike on the US and NATO. He would leave the west rudderless. He is a complete fucking mong who understands fuck all about anything.

Re:

[Nehmo]

I've heard it wasn't Russians at all, but US Intel agencies that leaked it, because they (the low level agents) hated the idea of Clinton Presidency, especially once they saw the writing on the wall about the Comey investigation not going after Clinton.

Granted, that is speculation and unnamed sources. But that seems to be all that is needed these days.

I don't know who it was that revealed those emails to the American public. It could have been DNC's Director of Voter Expansion Data, Seth Rich http://www.newsweek.com/seth-r... [newsweek.com] . Whoever-it-was did us a service. And whoever-it-was doesn't really matter. What matters is the content.

Re:

[unixisc]

Precisely! Why would they bother w/ Windows when they can just as easily engineer ReactOS to match Windows 7 to the dot, and then release it?

2016

[Anonymous Coward]

2016 cant be over if russians arent also blamed for global warming and erectile disfunction

Re:

[Bing Tsher E]

They're picking on Hillary.

Make them stop it!

A vast right^H^H^H^H^H left wing conspiracy

[knorthern knight]

Poor Hillary... everybody's out to get her.

November 8th

[PPH]

Patch Tuesday. In more ways that one.

Link to Microsoft blog post about this

[shthed]

https://blogs.technet.microsof... [microsoft.com]

NOV 8 to late for the windows based voteing system

[Joe_Dragon]

NOV 8 to late for the windows based voteing systems.

Microsoft fix your OS

[AHuxley]

Hire some really great staff again and fix your OS.
Its not that hard, a few US universities still turn out the best graduates every year. The very best in the world.
They have the skills to make Microsoft products secure again.
What are we seeing in this report?
"A U.S. intelligence expert on Russian cyber activity " seems to have easy and constant press access.
The "tell' is the lack of internal security on the part of the "U.S. intelligence expert" and been allowed to rush to tell the media.
If this

Who wrote the code?

[Zemran]

Reading the story it does sound like M$ are blaming Russia for their shitty work. M$ did not do a good job and as a result the product is bad. Nothing new there. A hacking group exploited the bad code. Nothing new there. For no valid reason they are linked to Russia. This is just propaganda. Of course Russia uses hackers whereas the US has whole divisions of in house hackers. The US is still the number one cyber terrorist and Russia has much less interest in the US than the US imagines. The US want

So?

[Revek]

Same shit different day.

common denominator

[micahraleigh]

Is this why Microsoft and Hillary are so flawed ?

I always knew Donald Trump approved of making Windows worse, and now he is using Putin to do it !!

Russia-linked... is it the NSA?

[zedaroca]

The last dump from the shadow brokers contained the servers the NSA uses to hack others, it included compromised Russian servers (Mustafa Al-Bassam tweet) [twitter.com].

Interesting question

[allaunjsilverfox2]

If a major world power were to go to war with another, what is a multinationals responsibility? Especially if one of those nations demand access to their resources. In this instance, Microsoft was initially a American company. And they have been known to work with American agencies in the past. But they also market to Russia. Really, the question would apply to Wal-mart or any other company that has large databases.