Rogue QA? IE8 attacks!

Excerpt from ZDNet, by Zack Whittaker for Zero Day | July 10, 2013

Microsoft admits ‘targeted attacks,’ blames Google techie

Microsoft admitted this week that hackers had launched “targeted attacks” against its customers by exploiting a bug publicly disclosed by a Google engineer in June. The disclosure was relegated to a footnote in its monthly memo about security flaws.

“Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8,” the software giant wrote on Patch Tuesday.

The sentence is a subtle dig at Google researcher Tavis Ormandy, who disclosed the bug — but not privately to Microsoft. Instead, he published it to a public disclosure list, a breach of white hat hacker etiquette. Ormandy defended his decision by stating that Microsoft was difficult to work with.

Three weeks after his initial disclosure (with no apparent action taken by Microsoft), Ormandy released the full exploit of the kernel vulnerability. The move kickstarted cyber attacks on affected companies and businesses that found themselves unable to mitigate the damage because Microsoft hadn’t patched the flaw.

Upon Ormandy’s release of the full exploit, Microsoft acknowledged that there was “an issue” that affected all versions of Windows XP and above, using Internet Explorer 6 and above.
