Microsoft issued a warning about the APT group most commonly known as \u201cFancy Bear,\u201d or APT 28, and how it is exploiting the zero-day disclosed by Google on Halloween.Microsoft agreed that the zero-day is being actively exploited and pointed a finger of blame at a hacking group that is believed to be tied to the Russian government; the same group is believed to be responsible for hacks that resulted in data breaches at the Democratic National Committee and the Clinton campaign.Microsoft does not call the APT group \u201cFancy Bear\u201d as its codename for the threat group is STRONTIUM. Terry Myerson, executive vice president of Microsoft\u2019s Windows and Devices Group, wrote:Recently, the activity group that Microsoft Threat Intelligence calls STRONTIUM conducted a low-volume spear-phishing campaign. Customers using Microsoft Edge on Windows 10 Anniversary Update are known to be protected from versions of this attack observed in the wild. This attack campaign, originally identified by Google\u2019s Threat Analysis Group, used two zero-day vulnerabilities in Adobe Flash and the down-level Windows kernel to target a specific set of customers.A patch is coming, but not an out-of-band fix; Microsoft will release the patch when it normally releases all security updates, on Patch Tuesday, which also happens to be Election Day\u2014Nov. 8.Until then, Microsoft advised using Windows 10 and enabling Windows Defender Advanced Threat Protection (ATP), as it \u201cwill detect STRONTIUM\u2019s attempted attacks thanks to ATP\u2019s generic behavior detection analytics and up-to-date threat intelligence.\u201d\u201cMicrosoft has attributed more zero-day exploits to STRONTIUM than any other tracked group in 2016,\u201d Myerson added. He explained that STRONTIUM usually compromises email accounts and then sends malicious emails from those accounts to other targets. The group \u201cwill persistently pursue specific targets for months until they are successful in compromising the victims\u2019 computer. Once inside, STRONTIUM moves laterally throughout the victim network, entrenches itself as deeply as possible to guarantee persistent access, and steals sensitive information.\u201dFancy Bear must complete three steps to successfully pwn a target. Exploit Flash and then a kernel elevation of privilege flaw, which is in every supported version of Windows. However, Myerson noted that Microsoft implemented mitigations in Windows 10 Anniversary Update, which should \u201cstop all observed in-the-wild instances of this exploit.\u201d Otherwise, once Fancy Bear has achieved EoP, \u201ca backdoor is downloaded, written to the file system and executed into the browser process.\u201dMicrosoft couldn\u2019t resist remarking upon responsible disclosure and its disappointment in Google: \u201cWe believe responsible technology industry participation puts the customer first and requires coordinated vulnerability disclosure. Google\u2019s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing and puts customers at increased risk.\u201dGoogle\u2019s disclosure came seven days after notifying Microsoft, but before Microsoft patched. Adobe released security updates for Flash Player on October 26. Google believed going public was the right thing to do, saying, \u201cThis vulnerability is particularly serious because we know it is being actively exploited.\u201dBoth companies say using their browsers, Chrome on Windows 10 or Microsoft\u2019s Edge on Windows 10 Anniversary Update, should protect you from a successful attack.