Hackers exploit flaw in 'silly Microsoft code' publicised by Google engineer

Latest updates to Windows 7 & 8 fixes vulnerability first identified by Tavis Ormandy

In the latest patch update for their Windows operating system, Microsoft have warned that hackers may have been actively exploiting a vulnerability made public by a Google engineer. It claimed that “targeted attacks” had been launched, taking advantage of the flaw.

The engineer in question, Tavis Ormandy, made the flaw public in a blog post back in May. Ormandy said that he didn’t have much time “to work on silly Microsoft code” but that “the bug is really nice”. The bug in question applies only to Windows 7 and Windows 8, allowing local users to increase their security privileges.

Many security experts criticized Ormandy for publishing the vulnerability rather than directly contacting Microsoft so that they could fix the software. In a previous blog post Ormandy said that Microsoft “treat vulnerability researchers with great hostility” and are “often very difficult to work with”.

Ormandy was so wary about speaking with Microsoft’s team that he advises those researchers that do contact them to do so “under a pseudonym, using tor [an anonymous browser] and anonymous email to protect yourself”.

The reporting of software vulnerabilities by non-affiliated software engineers is a common practice and Google employees especially seem to take a keen interest in this sport. In February of this year, it was revealed that more than half of the vulnerabilities addressed in Microsoft’s monthly software update (‘Patch Tuesday’) had been identified by engineers working for the search giant.

However, normal practice is to identify faults quietly and discretely, even if it's found in your competitors' code. Independent security specialist Graham Cluley has challenged Ormandy's actions, saying: "You have to ask yourself if the public disclosure of this vulnerability before Microsoft was ready to protect against it was really to the benefit of internet users."

"I’m not questioning Tavis Ormandy’s expertise at finding security holes, or his skills as a vulnerability researcher. There’s no doubt that he is extremely skilled in these departments. I just wish that Microsoft and Ormandy could find a way of working more reasonably with each other so that vulnerabilities can only be disclosed in a responsible fashion, once a patch is available."

Neither Ormandy nor Microsoft have offered any comment, but a Google spokesman made it clear that Ormandy’s time spent identifying Windows vulnerabilities was personal and not related to his work for the company.

Life and Style
ebookNow available in paperback
ebooks
ebookPart of The Independent’s new eBook series The Great Composers
Latest stories from i100
Have you tried new the Independent Digital Edition apps?
Independent Dating
and  

By clicking 'Search' you
are agreeing to our
Terms of Use.

ES Rentals

    iJobs Job Widget
    iJobs Gadgets & Tech

    Recruitment Genius: Web Hosting Support Agent

    Negotiable: Recruitment Genius: One of the North West's leading web hosting pr...

    Recruitment Genius: Data Centre & Systems Support Engineers

    Negotiable: Recruitment Genius: This accelerated growth ISP company is current...

    Ashdown Group: Senior Systems Administrator - London - £50,000

    £40000 - £50000 per annum + benefits: Ashdown Group: Senior Systems Administra...

    Recruitment Genius: .NET Web Developer

    £35000 - £45000 per annum: Recruitment Genius: A fantastic opportunity for a t...

    Day In a Page

    The difference between America and Israel? There isn’t one

    The difference between America and Israel? There isn’t one

    Netanyahu knows he can get away with anything in America, says Robert Fisk
    Families clubbing together to build their own affordable accommodation

    Do It Yourself approach to securing a new house

    Community land trusts marking a new trend for taking the initiative away from developers
    Head of WWF UK: We didn’t send Cameron to the Arctic to see green ideas freeze

    David Nussbaum: We didn’t send Cameron to the Arctic to see green ideas freeze

    The head of WWF UK remains sanguine despite the Government’s failure to live up to its pledges on the environment
    Author Kazuo Ishiguro on being inspired by shoot-outs and samurai

    Author Kazuo Ishiguro on being inspired by shoot-outs and samurai

    Set in a mythologised 5th-century Britain, ‘The Buried Giant’ is a strange beast
    With money, corruption and drugs, this monk fears Buddhism in Thailand is a ‘poisoned fruit’

    Money, corruption and drugs

    The monk who fears Buddhism in Thailand is a ‘poisoned fruit’
    America's first slavery museum established at Django Unchained plantation - 150 years after slavery outlawed

    150 years after it was outlawed...

    ... America's first slavery museum is established in Louisiana
    Kelly Clarkson: How I snubbed Simon Cowell and become a Grammy-winning superstar

    Kelly Clarkson: How I snubbed Simon Cowell and become a Grammy-winning superstar

    The first 'American Idol' winner on how she manages to remain her own woman – Jane Austen fascination and all
    Tony Oursler on exploring our uneasy relationship with technology with his new show

    You won't believe your eyes

    Tony Oursler's new show explores our uneasy relationship with technology. He's one of a growing number of artists with that preoccupation
    Ian Herbert: Peter Moores must go. He should never have been brought back to fail again

    Moores must go. He should never have been brought back to fail again

    The England coach leaves players to find solutions - which makes you wonder where he adds value, says Ian Herbert
    War with Isis: Fears that the looming battle for Mosul will unleash 'a million refugees'

    The battle for Mosul will unleash 'a million refugees'

    Aid agencies prepare for vast exodus following planned Iraqi offensive against the Isis-held city, reports Patrick Cockburn
    Yvette Cooper: We can't lose the election. There's too much on the line

    Yvette Cooper: We can't lose the election. There's too much on the line

    The shadow Home Secretary on fighting radical Islam, protecting children, and why anyone in Labour who's thinking beyond May must 'sort themselves out'
    A bad week for the Greens: Leader Natalie Bennett's 'car crash' radio interview is followed by Brighton council's failure to set a budget due to infighting

    It's not easy being Green

    After a bad week in which its leader had a public meltdown and its only city council couldn't agree on a budget vote, what next for the alternative party? It's over to Caroline Lucas to find out
    Gorillas nearly missed: BBC producers didn't want to broadcast Sir David Attenborough's famed Rwandan encounter

    Gorillas nearly missed

    BBC producers didn't want to broadcast Sir David Attenborough's famed Rwandan encounter
    Downton Abbey effect sees impoverished Italian nobles inspired to open their doors to paying guests for up to €650 a night

    The Downton Abbey effect

    Impoverished Italian nobles are opening their doors to paying guests, inspired by the TV drama
    China's wild panda numbers have increased by 17% since 2003, new census reveals

    China's wild panda numbers on the up

    New census reveals 17% since 2003