Google Researcher Slams Microsoft As He Reveals Windows Security Flaw

Google’s Tavis Ormandy has criticised Microsoft for treating vulnerability researchers with “great hostility”, as he released information regarding a security flaw in Windows.

Ormandy said, posting on the Full Disclosure section of Seclists.org, there was a “pretty obvious bug” in Windows, which he first detailed in March.

He had initially found exploitation hard to achieve, but a later post on Full Disclosure indicated he had a working exploit affecting all currently supported versions of Windows, which Ormandy offered to share with “students from reputable schools”.

Windows flaw

In a separate post on his personal blog, Ormandy claimed Microsoft “are often very difficult to work with”. “I would advise only speaking to them under a pseudonym, using tor and anonymous email to protect yourself,” he added.

Microsoft did not respond to Ormandy’s criticisms, but did note the vulnerability. “We are aware of an issue affecting Microsoft Windows and are investigating. We have not detected any attacks against this issue, but will take appropriate action to protect our customers,” said Dustin Childs, group manager at Microsoft Trustworthy Computing.

Security company Secunia has also picked up on the flaw, saying it could be used in a privilege escalation attack, or a denial of service hit.

“The vulnerability is caused due to an error within “win32k.sys” when processing certain objects and can be exploited to cause a crash or execute arbitrary code with the kernel privilege,” Secunia said in its advisory.

“The vulnerability is confirmed on a fully patched Windows 7 x86 Professional (win32k.sys version 6.1.7601.18126) and reported on Windows 8. Other versions may also be affected.”

Ormandy has previous when it comes to pouring scorn on companies for software vulnerabilities. Last year, he accused Sophos of “poor development practices and coding standards” after he found problems with the security company’s software.

Are you a security pro? Try our quiz!

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

Recent Posts

Ericsson To Cut 1,200 Jobs in Sweden Amid ‘Challenging’ Market

Swedish telecoms giant Ericsson blamed “challenging mobile networks market” and “further volume contraction” for job…

4 hours ago

FTX’s Sam Bankman-Fried Sentenced To 25 Years In Prison For $8bn Fraud

Dramatic downfall. Sam Bankman-Fried sentenced to 25 years in prison for masterminding $8bn fraud that…

4 hours ago

Elon Musk Orders FSD Demo For Every Tesla US Sale

Fallout avoidance? Tesla buyers in the US must be shown how to use the FSD…

5 hours ago

Amazon Pumps Another $2.75 Billion Into Anthropic

Amazon completes its $4bn investment into AI firm Anthropic, after providing an additional $2.75bn in…

7 hours ago

The Sustainability of AI

While AI promises unparalleled efficiency, productivity, and innovation, questions regarding its environmental impact loom large.…

10 hours ago

Trump’s Truth Social Makes Successful Market Debut

Shares in Donald Trump’s social media company rose about 16 percent after first day of…

10 hours ago