Wednesday, November 02, 2016

Microsoft to patch "Fancy Bear" vulnerability on Election Day, but Adobe seems to have done all necessary patches to Flash


Microsoft plans to patch a vulnerability in its Windows operating systems from 7 to 10 on Nov. 8 (Election Day, ironically), a bug known as “Strontium” or “Fancy Near”.  The “Strontium” name seems to refer to loose nuclear waste in former Soviet republics (especially Georgia).  A British security site Itpro has a good explanation here.

The zero-day vulnerability seems to be spread by phishing attacks, especially those appealing to the “It’s free” mentality, and seem to affect Adobe.  There is some suggestion that the vulnerability originated in Russia and is intended to sabotage political campaigns.

Adobe also is warning users about the vulnerability “CVE-2016-7855” (story)

 An attacker could gain control of a user’s system when viewing an infected flash file.  Almost any operating system could be affected, but Adobe says its fixes will work on all systems.

Adobe has a blog posting on the matter here.

When I visited the download center  in Windows `0 it told me that Chrome will automatically download any new versions when needed.

Recently I did get a warning from one site that I actually thought looked suspicious.

Google has a security blog entry describing the problem here.

Some sources say that Microsoft’s Malicious Software Removal Tool (which takes a long time to update, always) already protects users.
 


Some older YouTube videos (including some embedded by me) invoke Adobe Flash, and Mac systems seem to block these by default.

Trend Micro says that it’s latest builds protects Windows users from malicious exploits possible from the vulnerability, here.

No comments: