Hackers exploit Windows bug revealed by anti-Microsoft Google researcher

Microsoft has revealed that hackers have exploited a bug in Windows that was first disclosed by Google researcher Tavis Ormandy in May.

Ormandy, a security engineer, came under fire when he publicised the bug through the full disclosure section of Internet security site without notifying Microsoft, meaning the company had no time to fix the flaw first.

Microsoft released few details of the security breaches, but in a statement said hackers had launched "targeted attacks" - a term generally used to refer to those on corporate or government targets, usually to steal information or sabotage systems.

Following Ormandy's disclosure in May, security firm Secunia issued an advisory which explained that the bug could be "exploited by malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges."

Microsoft would not say whether it believed Ormandy's exposure of the bug was responsible for the attacks.

A Google spokesman told Reuters that no comment could be made as Ormandy's Windows research was personal and not related to his work for Google.

In a blog post, Ormandy was heavily critical of Microsoft, claiming the company is "difficult to work with" and has "great hostility" against vulnerability researchers.

"I would advise only speaking to them under a pseudonym, using tor and anonymous email to protect yourself," he wrote.