Forgot your password?
typodupeerror
Security

+ - Google Gives Microsoft 5 Days to Fix XP Zero-Day->

Submitted by CWmike
CWmike (1292728) writes "Google engineer Tavis Ormandy published attack code on Thursday that exploits a zero-day vulnerability in Windows XP. Security experts objected to the way he disclosed the bug — just five days after it was reported to Microsoft — and said the move is more evidence of the ongoing, and increasingly public, war between the two giants. Microsoft said it is investigating the vulnerability and would have more information on its next steps later on Thursday. Researchers at French security vendor Vulpen Security confirmed that Ormandy's proof-of-concept works as advertised on Windows XP Service Pack 2 (SP2) and SP3 machines running Internet Explorer 7 or IE8. Ormandy said he decided to go public because of its severity, and, 'If I had reported the ... issue without a working exploit, I would have been ignored.' He also slammed the concept of 'responsible disclosure,' a term that Microsoft and others apply to bug reports submitted privately, giving developers time to patch before the information is publicly released. Microsoft took Ormandy to task for giving it less than a week to deal with his report. And Microsoft was not the only one. Robert Hansen, CEO of SecTheory, chastised Google for claiming that the company abides by responsible disclosure when its security researchers do not. 'Their researchers are going off half-cocked,' said Hansen, who deplored Ormandy's quick publication. 'It just doesn't add up.'"
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

Google Gives Microsoft 5 Days to Fix XP Zero-Day

Comments Filter:

Fools ignore complexity. Pragmatists suffer it. Some can avoid it. Geniuses remove it. -- Perlis's Programming Proverb #58, SIGPLAN Notices, Sept. 1982

Working...