
Google engineer bashes Microsoft's handling of security researchers, discloses Windows zero-day

Gregg Keizer | May 27, 2013
A Google security engineer accused Microsoft of treating outside researchers with "great hostility" days before posting details of an unpatched vulnerability in Windows that could be used to crash PCs or gain additional access rights.

In other words, a write-what-where condition can be exploited to run attack, or exploit, code.

Ormandy has had dust-ups with other vendors over vulnerabilities. In mid-2011, he accused Adobe of "trying to bury" an "embarrassing number" -- he said more than 400 -- of bugs in Flash Player.

Microsoft will probably not rush to patch the vulnerability Ormandy disclosed, said Storms, even though it might be usable by astute hackers. "At this point, it's difficult to imagine that Microsoft will do much of anything outside of their usual incident response that begins with confirming the bug and possibly issuing an advisory," Storms said.

Microsoft's next regularly-scheduled Patch Tuesday is June 11, or just under three weeks from today.

 
