Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft downplays threat of new Windows zero-day

None | Feb. 25, 2011
Operating Systems

"They've been doing this forever, MSRC is about managing PR incidents, not improving security," said Tavis Ormandy in a reply to Vupen's tweet.

Ormandy, a Google (GOOG) security engineer, has butted heads with Microsoft before -- most notably last summer, when he released exploit code for a bug in Windows' Help and Support Center after he said Microsoft refused to set a patch deadline.

Microsoft's Bryant said the MSRC researchers are will investigating the bug, and would issue a patch or a workaround to protect users.

Although the company's next regularly-scheduled Patch Tuesday is three weeks away, it's unlikely a fix will be delivered then unless a large number of in-the-wild attacks exploiting the vulnerability appear.


Previous Page  1  2 

Sign up for CIO Asia eNewsletters.