Hackers exploit flaw in 'silly Microsoft code' publicised by Google engineer

Latest updates to Windows 7 & 8 fix vulnerability first identified by Tavis Ormandy

In the latest patch update for their Windows operating system, Microsoft have warned that hackers may have been actively exploiting a vulnerability made public by a Google engineer. It claimed that “targeted attacks” had been launched, taking advantage of the flaw.

The engineer in question, Tavis Ormandy, made the flaw public in a blog post back in May. Ormandy said that he didn’t have much time “to work on silly Microsoft code” but that “the bug is really nice”. The bug in question applies only to Windows 7 and Windows 8, allowing local users to increase their security privileges.

Many security experts criticized Ormandy for publishing the vulnerability rather than directly contacting Microsoft so that they could fix the software. In a previous blog post Ormandy said that Microsoft “treat vulnerability researchers with great hostility” and are “often very difficult to work with”.

Ormandy was so wary about speaking with Microsoft’s team that he advises those researchers that do contact them to do so “under a pseudonym, using tor [an anonymous browser] and anonymous email to protect yourself”.

The reporting of software vulnerabilities by non-affiliated software engineers is a common practice and Google employees especially seem to take a keen interest in this sport. In February of this year, it was revealed that more than half of the vulnerabilities addressed in Microsoft’s monthly software update (‘Patch Tuesday’) had been identified by engineers working for the search giant.

However, normal practice is to identify faults quietly and discreetly, even if they're found in your competitors' code. Independent security specialist Graham Cluley has challenged Ormandy's actions, saying: "You have to ask yourself if the public disclosure of this vulnerability before Microsoft was ready to protect against it was really to the benefit of internet users."

"I’m not questioning Tavis Ormandy’s expertise at finding security holes, or his skills as a vulnerability researcher. There’s no doubt that he is extremely skilled in these departments. I just wish that Microsoft and Ormandy could find a way of working more reasonably with each other so that vulnerabilities can only be disclosed in a responsible fashion, once a patch is available."

Neither Ormandy nor Microsoft have offered any comment, but a Google spokesman made it clear that Ormandy’s time spent identifying Windows vulnerabilities was personal and not related to his work for the company.
