Hackers exploit flaw in 'silly Microsoft code' publicised by Google engineer

Latest updates to Windows 7 & 8 fix vulnerability first identified by Tavis Ormandy

In the latest patch update for its Windows operating system, Microsoft has warned that hackers may have been actively exploiting a vulnerability made public by a Google engineer. The company claimed that “targeted attacks” had been launched, taking advantage of the flaw.

The engineer in question, Tavis Ormandy, made the flaw public in a blog post back in May. Ormandy said that he didn’t have much time “to work on silly Microsoft code” but that “the bug is really nice”. The bug in question applies only to Windows 7 and Windows 8, allowing local users to increase their security privileges.

Many security experts criticized Ormandy for publishing the vulnerability rather than directly contacting Microsoft so that they could fix the software. In a previous blog post Ormandy said that Microsoft “treat vulnerability researchers with great hostility” and are “often very difficult to work with”.

Ormandy was so wary about speaking with Microsoft’s team that he advised those researchers who do contact them to do so “under a pseudonym, using tor [an anonymous browser] and anonymous email to protect yourself”.

The reporting of software vulnerabilities by non-affiliated software engineers is a common practice and Google employees especially seem to take a keen interest in this sport. In February of this year, it was revealed that more than half of the vulnerabilities addressed in Microsoft’s monthly software update (‘Patch Tuesday’) had been identified by engineers working for the search giant.

However, normal practice is to identify faults quietly and discreetly, even if they're found in your competitors' code. Independent security specialist Graham Cluley has challenged Ormandy's actions, saying: "You have to ask yourself if the public disclosure of this vulnerability before Microsoft was ready to protect against it was really to the benefit of internet users."

"I’m not questioning Tavis Ormandy’s expertise at finding security holes, or his skills as a vulnerability researcher. There’s no doubt that he is extremely skilled in these departments. I just wish that Microsoft and Ormandy could find a way of working more reasonably with each other so that vulnerabilities can only be disclosed in a responsible fashion, once a patch is available."

Neither Ormandy nor Microsoft have offered any comment, but a Google spokesman made it clear that Ormandy’s time spent identifying Windows vulnerabilities was personal and not related to his work for the company.
