Google cyber-knight lances Microsoft for bug-hunter 'hostilities'

Top Google engineer Tavis Ormandy has slammed Microsoft for treating security bug hunters with “great hostility”.

He blasted Redmond's behaviour towards those who report vulnerabilities as he publicly revealed a new unpatched security hole in the Windows operating system - a bug that can be exploited to crash systems or gain administrator privileges. The vulnerable driver is present in "all currently supported versions" of Windows, according to the Googler...

......After documenting the bug, he posted his initial findings to the Full Disclosure mailing list, and published a complete dossier last week.

In a related post on his personal blog, Ormandy invited others to look into the flaw, before finishing the essay with trenchant criticism of Redmond's attitude towards computer security professionals...

...Vulnerability management specialists Secunia warned that the flaw discovered by Ormandy can be used to launch denial-of-service assaults or elevate a local user's privilege......

...“The vulnerability is caused due to an error within 'win32k.sys' when processing certain objects and can be exploited to cause a crash or execute arbitrary code with the kernel privilege,”....

..Click here to read more ....