Anti-Microsoft Researchers Disclose Zero-Day Bug

A group of security researchers last week released the full details of a critical Windows Vista and Server 2008 vulnerability, in retaliation for the ill treatment of a fellow security researcher by Microsoft.

The details of the unpatched flaw were released by the newly formed Microsoft-Spurned Researcher Collective (MSRC), a group of anonymous security researchers who feel that by joining together, they will be better able to deal with criticism when revealing such flaws.

The formation of the group was declared on the Full Disclosure mailing list on 1 July, and published on the Windows Club blog.

"Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective," the message read. "MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."

The latest vulnerability release is in protest against the ill treatment of Google researcher Tavis Ormandy, who had publicly posted a detailed account of the vulnerability after Microsoft had repeatedly refused his requests to release a patch.