Security News > 2016 > November > Pawn Storm raced to pop many targets before Windows zero-day patch release (Help Net Security)
2016-11-09 22:02
As promised, Microsoft provided this Tuesday a patch for the Windows zero-day (CVE-2016-7855) actively exploited by the Strontium (aka Pawn Storm) cyber espionage hacking group. The initial attacks The attackers used a Flash Player use-after-free zero-day vulnerability to gain control of the browser process and the Microsoft zero-day to elevate privileges in order to escape the browser sandbox, so that they could install a backdoor on the targets’ computer. The attacks and vulnerabilities were first … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZuCyaAQQMWY/
Related news
- 7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now (source)
- Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws (source)
- Microsoft fixes actively exploited Windows Hyper-V zero-day flaws (source)
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Patch Tuesday: January 2025 Security Update Patches Exploited Elevation of Privilege Attacks (source)
- Windows Patch Tuesday hits snag with Citrix software, workarounds published (source)
- Patch procrastination leaves 50,000 Fortinet firewalls vulnerable to zero-day (source)
- Asus lets processor security fix slip out early, AMD confirms patch in progress (source)
- Don't want your Kubernetes Windows nodes hijacked? Patch this hole now (source)
- Microsoft: January Windows security updates break audio playback (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-01 | CVE-2016-7855 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. | 8.8 |