SAN FRANCISCO - Microsoft says it will release a patch next week to address vulnerabilities in its Windows operating system exploited by a group reportedly tied to the Russian government and linked to the theft of emails from the Democratic National Committee.

The group, called Strontium by Microsoft but Fancy Bear or APT 28 by other security researchers, has been tied to Russian state-sponsored hacking.

U.S. government intelligence agencies have said Russian groups were behind attempts to interfere with this year's U.S. presidential election.

Strontium has targeted government agencies, diplomatic institutions, military organizations, plus defence contractors and public policy research institutes, Microsoft's executive vice-president of Windows and devices group, Terry Myerson, said in a blog post.

"Strontium frequently uses compromised email accounts from one victim to send malicious emails to a second victim and will persistently pursue specific targets for months until they are successful in compromising the victims' computer," said Myerson.

Myerson did not directly link Strontium to Russia, saying only that it has been used "to target a specific set of customers."

However, according to CrowdStrike, a computer security company that published a detailed analysis of the Democratic National Committee intrusion in June, Strontium is simply another name for the group called Fancy Bear, a Russian intelligence-affiliated adversary.

The exploits used by Strontium involve versions of Windows going back to Vista as well as Adobe's Flash, according to Myerson. Microsoft says the group launched a campaign involving spear phishing, where users receive a malicious email disguised as a message from a friendly individual or business. If successful, hackers using the exploits could gain access to a victim's computer. A patch is expected by November 8.

"Patches for all versions of Windows are now being tested by many industry participants," said Myerson.

The patch doesn't mean that Strontium will no longer be able to launch attacks, merely that it will need to find new vulnerabilities. Fancy Bear/Strontium has a history of using security holes in software that are unknown and therefore have not been patched, ones companies do not realize they must protect against.

"At this point, they've probably got others that they could deploy if they've got a target that's sufficiently important," said Adam Meyers, vice-president of intelligence at CrowdStrike.

The exploits were first discovered by Google's Threat Analysis Group, and shared publicly on Monday. Myerson called Google's decision to share details of the vulnerabilities "disappointing," adding it puts customers at risk.

"We believe responsible technology industry participation puts the customer first, and requires co-ordinated vulnerability disclosure," said Myerson.

In Google's statement detailing the exploit, threat analysis group members Neel Mehta and Billy Leonard say they first reported the vulnerabilities privately on Oct. 21. Google says Adobe addressed the exploit five days later.

"After seven days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released," said Mehta and Leonard.