Google gave Microsoft just six days to fix the flaw, despite giving Apple six months to fix an equally dangerous bug. Microsoft could not patch the flaw in time and now it seems that the same Russian hacking team behind political hacks are using it.
Vole said that there had been several attacks using "spear phishing" emails from a hacking group known Strontium, which is more widely known as "Fancy Bear," or APT 28. Russian hackers have been accused of gaming the US election in favour of Donald Trump.
Microsoft said a patch to protect Windows users against the newly discovered threat will be released on 8 November.
A US intelligence expert on Russian cyber activity said that Fancy Bear primarily works for or on behalf of the GRU, Russia’s military intelligence agency, which US intelligence officials have concluded were responsible for hacks of Democratic Party databases and emails.
Microsoft said the attacks exploited a vulnerability in Adobe Systems Flash software and one in the Windows operating system.
Adobe released a patch for that vulnerability on Monday, when security researchers with Google went public with details on the attack.
Google insists that it is following its standing policy of going public seven days after discovering "critical vulnerabilities" that are being actively exploited by hackers. That of course does not apply to Apple which was allowed by Google to run a serious zero-day flaw for six months. It also ignores the fact that Google itself could not fix and issue a zero-day flaw in its own operating system Android in seven days. If we were Microsoft we would knock this policy on the head by finding similar flaws in Android for a laugh and give Google seven days to fix them and push the update to users phones.