Google engineers once again announced Windows vulnerabilities that Microsoft was hard to cooperate

Source: Internet
Author: User

Google engineers once again announced Windows vulnerabilities that Microsoft was hard to cooperate

A Google Engineer once again revealed the Windows vulnerability. The Google information security engineer named Tavis Ormandy issued a full disclosure article at the SecLists site, this article describes in detail the vulnerability in Windows 7 and Windows 8 that can be exploited by local users to gain higher user permissions. Security company Secunia said the vulnerability is less risky because it cannot be remotely exploited.

This case fully demonstrates that Google and Microsoft are not only involved in external publicity, but Ormandy points out that he "has no time to use these stupid Microsoft code ". In fact, Ormandy has previously announced a series of Windows XP Help and Support Center vulnerabilities. Before fixing these vulnerabilities, hackers can use the designed website to harm XP devices.

Google's engineers seem to have been making public the vulnerabilities of Microsoft's various software quite rhythmically. Recently, Microsoft announced 50% of the vulnerabilities that Microsoft fixed with the monthly Patch Tuesday. Some security researchers have previously pointed out that Ormandy is simply "irresponsible ". In the information released several days ago, Ormandy also claims that Microsoft is "difficult to cooperate". It is recommended that all security engineers use an anonymous approach when talking to Microsoft, because "Microsoft is very hostile to vulnerability researchers ".

Graham Cluley, Senior Technical Consultant for Sophos, a security company, commented: "basically, Microsoft's security team has been doing well. Vulnerability researchers should work closely with Microsoft to solve discovered problems, rather than disclosing these problems to hackers or assisting hackers ." No matter what the purpose of Ormandy's re-publication of the vulnerability is, Microsoft said it is currently investigating: "We will take appropriate actions to protect our users, if the vulnerability exists, we will fix it in time."

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.