https://www.computerworld.com/s/article/9240774/Targeted_attacks_exploit_now_patched_Windows_bug_revealed_by_Google_engineer
By Gregg Keizer
Computerworld
July 12, 2013
Microsoft this week said a pair of vulnerabilities, including one publicly
disclosed by a Google security engineer in May, had been exploited in the
wild before they were patched on Tuesday.
"Microsoft was aware of this vulnerability being used to achieve elevation
of privilege in targeted attacks," the firm said in a security bulletin
Tuesday that covered eight flaws in Windows' kernel-mode drivers -- one of
them the vulnerability revealed two months before by Google researcher
Tavis Ormandy.
Ormandy, who has had a contentious relationship with Microsoft for years,
posted information about a then-unpatched bug in Windows on May 17. At the
time, Ormandy called Microsoft's code "silly" and claimed that the Google
rival had treated outside researchers with "great hostility" and was "very
difficult to work with."
While Ormandy did not publicly reveal a working exploit, attack code was
released soon after his disclosure.
[...]
--
Visit the new and improved InfoSec News website
http://www.infosecnews.org/
