A Google Engineer Who Loves Annoying Microsoft Says He's Found A New Windows 7 And 8 Bug
Tavis Ormandy, an information security engineer at Google, has found what he's calling "a pretty obvious bug" in
On Monday, Ormandy posted detailed information about it to Full Disclosure, a mailing list for security experts.
Ormandy said he's written code that
He isn't releasing it to the public, but is making it "available on request to students from reputable schools." This means other security researchers, not college students.
Ormandy first published details about the Windows bug in March on GitHub, a site that lets developers collaborate on projects. But he hasn't said whether he's reached out to Microsoft, which is standard procedure in these situations.
Microsoft says it's aware of Ormandy's latest Windows flaw and is investigating.
"We have not detected any attacks against this issue, but will take appropriate action to protect our customers," Dustin Childs, a group manager in Microsoft's Trustworthy Computing unit, told Business Insider in an email.
We've reached out to Ormandy to see if he contacted Microsoft before his May 17 post to the Full Disclosure list. We've also reached out to
As Windows security flaws go, this isn't a major one because hackers can't use it to take control of machines over an Internet connection. Still, because so many people use Windows, Microsoft will probably fix this bug soon.
Security researchers usually contact the vendor before they talk publicly about a bug they've found. But Ormandy and Microsoft have a rocky history.
In 2010, Ormandy discovered a previously unknown bug in Windows XP's Help and Support Center, and posted a working exploit to the web five days after telling Microsoft about it.
Hackers quickly figured out how to use it, and began attacking Windows XP PCs.
Microsoft, which released an emergency fix for the bug, wasn't pleased. This sparked a big IT industry debate about how long researchers should wait after informing a vendor about a security flaw before going public with it.
Ormandy, in a post to his personal blog last week, warned security researchers that Microsoft typically reacts to bug reports with "great hostility" and is "very difficult" to work with. They should only submit reports anonymously, he said.