Security News > 2016 > November > Pawn Storm raced to pop many targets before Windows zero-day patch release (Help Net Security)
2016-11-09 22:02
As promised, Microsoft provided this Tuesday a patch for the Windows zero-day (CVE-2016-7855) actively exploited by the Strontium (aka Pawn Storm) cyber espionage hacking group. The initial attacks The attackers used a Flash Player use-after-free zero-day vulnerability to gain control of the browser process and the Microsoft zero-day to elevate privileges in order to escape the browser sandbox, so that they could install a backdoor on the targets’ computer. The attacks and vulnerabilities were first … More →
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/ZuCyaAQQMWY/
Related news
- March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs (source)
- Microsoft fixes two Windows zero-days exploited in malware attacks (source)
- Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included (source)
- Telegram fixes Windows app zero-day caused by file extension typo (source)
- Telegram fixes Windows app zero-day used to launch Python scripts (source)
- CrushFTP warns users to patch exploited zero-day “immediately” (source)
- Rarest, strangest, form of Windows saved techie from moment of security madness (source)
- Prompt Hacking, Private GPTs, Zero-Day Exploits and Deepfakes: Report Reveals the Impact of AI on Cyber Security Landscape (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-01 | CVE-2016-7855 | Use After Free vulnerability in multiple products Use-after-free vulnerability in Adobe Flash Player before 23.0.0.205 on Windows and OS X and before 11.2.202.643 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in October 2016. | 9.3 |