Microsoft recently acknowledged that Windows 10 Anniversary Update users are vulnerable to hacker attacks due to two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel.
Microsoft was actually forced to acknowledge this security flaw after Google revealed that the vulnerability is already being actively exploited. The search engine giant broke its usual disclosure policy of three months simply because the consequences of not disclosing the attacks would have been too severe.
Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign. Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild. This attack campaign, originally identified by Google’s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.
Microsoft has coordinated with Google and Adobe to investigate this thread and create a patch for down-level versions of Windows. The patch is already being tested and will be released on the next Patch Tuesday, November 8. It appears that all Windows versions are vulnerable to this type of attack and for this reason, Microsoft is also testing similar patches for all versions of Windows.
Microsoft reacted promptly to the news, but this doesn’t mean that Windows 10 users are safe. Hackers still have six days left to launch a major attack on Windows 10 users and the probability this happens is actually pretty high, taking into account that Microsoft will patch the vulnerability next week.
Microsoft recommends that all customers upgrade to Windows 10, the most secure operating system the company has built. Windows 10 users who have enabled Windows Defender Advanced Threat Protection (ATP) will be able to detect hackers’ attempted attacks.
RELATED STORIES YOU NEED TO CHECK OUT: