Googler-exposed Windows flaw exploited by hackers
Microsoft announces targeted attacks two months after Google employee outs vulnerability
Microsoft Corp yesterday announced that a software vulnerability in Windows, first exposed by a Google security engineer, has been exploited, according to report from Reuters.
Tavis Ormandy, the Google engineer who posted details of the flaw in May on a Microsoft blog, was heavily criticised at the time because he did so without first informing Microsoft, thereby not allowing the Windows vendor to fix the issue.
Ormandy also slammed Microsoft's security division for being difficult to work with and advised other researchers to keep their identity a secret when engaging with Redmond security officials.
When Microsoft announced yesterday that targeted attacks had occurred using the vulnerability, representatives were quizzed on whether they thought Ormandy's disclosure had led to the attacks. They had no comment to make.
While Reuters reported that Ormandy could not be reached for comment, it also said a Google official claimed that Ormandy's work on the Windows flaw was a personal project and had nothing to do with his work for the company.
Google and Microsoft are long-time adversaries. Microsoft is a prominent member of a consortium that pursued government sanctions against the Web search leader for practices alleged to be anti-competitive. Microsoft executives were sharply critical of what they perceived as a "weak" conclusion in January to a US Federal Trade Commission probe into Google's business dealings.