A group of researchers upset about Microsoft's handling of flaws have launched a campaign to publically disclose security vulnerabilities within the company's products.Known as the Microsoft-Spurned Researcher Collective, the group reported a denial of service vulnerability for Windows Vista and Server 2008.Along with the report came a warning from the group of further zero-day vulnerability disclosures."MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer," the message read.The group says that the effort is the result of frustrations over Microsoft's dealings with security researchers, including the company's handling of a flaw reported by researcher Tavis Ormandy.In a statement provided to V3.co.uk, Microsoft response communications group manager Jerry Bryant said that the company was currently investigating the reported vulnerability, which it believes to only be exploitable by those with local access to, or code already running on, the targeted system."To minimise risk to computer users, Microsoft continues to encourage responsible disclosure," Bryant said of the company's dealings with researchers. "Reporting vulnerabilities directly to vendors helps to ensure that potentially affected customers receive high-quality, comprehensive updates before cybercriminals learn of a vulnerability, and work to exploit it."
Copyright ©v3.co.uk
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.