Google researcher outs zero-day exploit in Windows XP

On June 5th, Google researcher Tavis Ormandy notified Microsoft of a very serious bug in the Windows Help and Support Center of Windows XP. The report Ormandy provided to Microsoft detailed how arbitrary code could be executed by a remote attacker, and included a proof-of-concept exploit. Five days later, on June 10th, Ormandy released the vulnerability details to the public. The decision to divulge the exploit has sparked a debate about how such matters should be handled, and what responsibility, if any, security experts have. Ormandy explains, “if I had reported the…issue without a working exploit, I would have been ignored.” He also went on to say that “responsible disclosure” was a farce, a tool used by companies to buy themselves time. “Those of us who work hard to keep networks safe are forced to work in isolation without the open collaboration with our peers,” Ormandy wrote. Security experts are weighing in on the situation with all sorts of opinions. One camp is describing Ormandy as an engineer “going off half-cocked”; others see it as a clear shot at Microsoft from Google. Either way, the zero-day exploit is now public knowledge and has the attention that Ormandy originally wanted. What do you think? A frustrated security engineer or a shot directly at Microsoft?

41 Comments
  • Shoeb Ahmed

    Forget the news.. as a first timer on this blog, I’m kind of sick and tired of Andrew’s mistakes on articles.

    Seriously Andrew, are you drunk and simply not going to use spell check or something? Cuz dude, seriously, you’re doing a bad job of typing.

  • J

    This definitely should have been brought to the limelight when it was. People can say what they want but it needs to be well acknowledged that there are intelligent code writers and exploiters out there that MS and other software companies need to keep up with. The release will also light the fire under MS to fix it now that millions can see the exploit and take advantage if they wish.

  • Danno Bonano

    @Ron,

    unhappy with your droid purchase? apple adds features on products only when they can execute with near perfection. no chance android will get both the same performance and battery longevity. say what you will but most people wouldn’t be close to having a smartphone without apple debuting the iPhone in 2007. since then everyone is playing catch up.

    Posted from BGR Mobile (iPhone).
