Google Engineer Finds Microsoft Security Flaw, Says Company is Hostile About It
May 23, 2013 10:51 AM
comment(s) - last by
Tavis Ormandy said Microsoft is difficult to work with regarding these issues
A Google engineer has called Microsoft out on a recent security flaw in the Windows operating system, and even said that the Windows creator is hostile toward third-party vulnerability researchers.
Tavis Ormandy, a Google security engineer, exposed the flaw on Full Disclosure. The Microsoft vulnerability, which was in the Windows kernel driver "Win32k.sys," was featured in a Full Disclosure mailing list on May 17.
Before that, Ormandy revealed the flaw on GitHub back in March in hopes of bringing other security researchers on board to investigate.
Ormandy said on Full Disclosure, "I don't have much free time to work on silly Microsoft code, so I'm looking for ideas on how to fix the final obstacle for exploitation."
Ormandy posted on Full Disclosure yet again on Monday, saying "I have a working exploit that grants SYSTEM on all currently supported versions of Windows. Code is available on request to students from reputable schools."
Ormandy also insulted Microsoft on Full Disclosure, saying "As far as I can tell, this code is pre-NT (20+ years) old, so remember to thank the SDL for solving security and reminding us that old code doesn't need to be reviewed ;-)."
Microsoft has been annoyed with Ormandy for publicly discussing vulnerabilities before they could be patched. Microsoft prefers "responsible disclosure," where security experts are asked to report flaws privately to the company.
"Note that Microsoft treat[s] vulnerability researchers with great hostility, and are often very difficult to work with," said Ormandy. "I would advise only speaking to them under a pseudonym, using Tor and anonymous email to protect yourself."
This article is over a month old, voting and posting comments is disabled
RE: Microsoft lol
5/23/2013 12:43:01 PM
RE: Microsoft lol
5/23/2013 1:00:52 PM
RE: Microsoft lol
5/23/2013 1:03:06 PM
You don't pee on hospitality!
"Mac OS X is like living in a farmhouse in the country with no locks, and Windows is living in a house with bars on the windows in the bad part of town." -- Charlie Miller
Tech's Biggest Loser on Tax Day: eBay Pays Nearly 99 Percent Tax Rate
April 15, 2015, 3:28 PM
Death and Dragons -- Report Claims Game of Thrones Hit by Piracy "Tidal Wave"
April 10, 2015, 8:37 AM
Court Blocks Twitter and YouTube in Turkey After Pro-Communist Attack in Istanbul
April 6, 2015, 10:53 AM
In Graphics and Quotes: $10.4 Billion Charter & Bright House Merger
April 2, 2015, 5:19 PM
WSJ Report Implies That Google Leveraged Lobbying to Kill Antitrust Abuse Probe
March 25, 2015, 5:37 PM
Nationalist Hackers From Turkey Cause Chaos, Deface Dozens of Sites
March 16, 2015, 12:29 PM
Most Popular Articles
HBO to VPN HBO Now Users: Prove You Live in U.S. or We Will Terminate You
April 21, 2015, 12:17 PM
Quick Note: Lady Macbath -- One Japanese Woman's Apple Themed Revenge
April 23, 2015, 11:47 AM
Even Hillary Clinton Was Addicted to Nintendo Gameboy
April 21, 2015, 10:30 PM
Colorado Man Cited for "Killing His Computer" With a Handgun
April 22, 2015, 1:06 PM
AMD CEO: Windows 10 Will Launch at "The End of July"
April 20, 2015, 7:24 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2015 DailyTech LLC. -
Terms, Conditions & Privacy Information