Google dev drops Windows kernel exploit

Leads to privilege escalation.

A Google security engineer on Sunday posted a working exploit for a Windows kernel privilege escalation vulnerability that he publicly disclosed last month.

Tavis Ormandy, who butted heads with Microsoft three years ago after he published details about a Windows Help and Support Center flaw before the software giant had a fix in place, initially posted the latest bug to the Full Disclosure mailing list back in mid-May.

According to vulnerability management firm Secunia, the weakness could be exploited to escalate privileges or cause a denial-of-service.

"The vulnerability is caused due to an error within 'win32k.sys' when processing certain objects and can be exploited to cause a crash or execute arbitrary code with the kernel privilege," according to a Secunia advisory. "The vulnerability is confirmed on a fully patched Windows 7 x86 Professional...and reported on Windows 8. Other versions may also be affected."

In the case three years ago, Ormandy said he publicly disclosed the vulnerability after he and Microsoft failed to negotiate a timeline for a fix. With the current vulnerability, he appears to never have contacted Redmond.

"Note that Microsoft [treats] vulnerability researchers with great hostility, and are often very difficult to work with," Ormandy wrote May 15 on his personal blog. "I would advise only speaking to them under a pseudonym, using Tor and anonymous email to protect yourself."

Dustin Childs, group manager of Microsoft Trustworthy Computing, told SCMagazine.com in a statement that the firm is investigating the issue and is not aware of any active attacks.

Ormandy is a Swiss-based researcher at Google, which last week unveiled a strict new policy that asks software vendors to respond within seven days to vulnerabilities being exploited in the wild. In 2010, after its dispute with Ormandy, Microsoft launched a new initiative that attempted to reframe the debate around vulnerability disclosure.

The company has faced criticism for being slow to respond to vulnerability reports and for refusing to pay researchers, similar to Adobe and Apple. Other software companies, though, have created so-called bug bounty programs to compensate researchers for their finds, including Google and Mozilla.

Ormandy could not be reached for comment by SCMagazine.com.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition