Security News > 2016 > November > Pawn Storm raced to pop many targets before Windows zero-day patch release (Help Net Security)
2016-11-09 22:02
As promised, Microsoft provided this Tuesday a patch for the Windows zero-day (CVE-2016-7855) actively exploited by the Strontium (aka Pawn Storm) cyber espionage hacking group. The initial attacks The attackers used a Flash Player use-after-free zero-day vulnerability to gain control of the browser process and the Microsoft zero-day to elevate privileges in order to escape the browser sandbox, so that they could install a backdoor on the targets’ computer. The attacks and vulnerabilities were first … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZuCyaAQQMWY/
Related news
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws (source)
- Vanir: Open-source security patch validation for Android (source)
- Windows 11 installation media bug causes security update failures (source)
- Windows 11 Media Update Bug Stops Security Updates (source)
- Windows 10 users urged to upgrade to avoid "security fiasco" (source)
- Security pros baited with fake Windows LDAP exploit traps (source)
- Week in review: Exploited Ivanti Connect Secure zero-day, Patch Tuesday forecast (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-01 | CVE-2016-7855 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. | 8.8 |