The Hacker News Logo
Subscribe to Newsletter

Internet Explorer vulnerability exposed by Google Researcher used in targeted attacks

Google and Microsoft are at each other's throats again. In a recent statement, Microsoft says hackers have been actively exploiting a vulnerability that was publicly disclosed by a Google researcher, Tavis Ormandy.

Microsoft addressed the vulnerability in its monthly "Patch Tuesday" package of fixes for July. Tavis Ormandy revealed the vulnerability in Windows 7 and 8 allows local users to obtain escalated privileges, making it easier for a hacker to compromise a system.

Ormandy has been criticized by Microsoft and some in the security community who subscribe to the practice that a vulnerability shouldn't be made public until a software maker has an opportunity to fix it. Ormandy said that Microsoft “treat vulnerability researchers with great hostility” and are “often very difficult to work with”. He also advised researchers to use pseudonyms when dealing with the software giants.

In 2012, Tavis accused Sophos of “poor development practices and coding standards” after he uncovered some nasty flaws.

It is nowhere mentioned that whether the attempted attacks had been successful, or how widespread the attempts appeared to be. This month in Patch Tuesday, Seven bulletins were released by Microsoft yesterday, six of which were critical.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.