Home / / Googler-exposed Windows flaw exploited by hackers

Googler-exposed Windows flaw exploited by hackers

Microsoft announces targeted attacks two months after Google employee outs vulnerability

Googler-exposed Windows flaw exploited by hackers
Microsoft representatives would not comment on whether they thought exposure of the flaw led to the attacks.

Microsoft Corp yesterday announced that a software vulnerability in Windows, first exposed by a Google security engineer, has been exploited, according to report from Reuters.

Tavis Ormandy, the Google engineer who posted details of the flaw in May on a Microsoft blog, was heavily criticised at the time because he did so without first informing Microsoft, thereby not allowing the Windows vendor to fix the issue.

Ormandy also slammed Microsoft's security division for being difficult to work with and advised other researchers to keep their identity a secret when engaging with Redmond security officials.

When Microsoft announced yesterday that targeted attacks had occurred using the vulnerability, representatives were quizzed on whether they thought Ormandy's disclosure had led to the attacks. They had no comment to make.

While Reuters reported that Ormandy could not be reached for comment, it also said a Google official claimed that Ormandy's work on the Windows flaw was a personal project and had nothing to do with his work for the company.

Google and Microsoft are long-time adversaries. Microsoft is a prominent member of a consortium that pursued government sanctions against the Web search leader for practices alleged to be anti-competitive. Microsoft executives were sharply critical of what they perceived as a "weak" conclusion in January to a US Federal Trade Commission probe into Google's business dealings.

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.