A group of researchers upset about Microsoft's handling of flaws have launched a campaign to publically disclose security vulnerabilities within the company's products.
Known as the Microsoft-Spurned Researcher Collective, the group reported a denial of service vulnerability for Windows Vista and Server 2008.
Along with the report came a warning from the group of further zero-day vulnerability disclosures.
"MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer," the message read.
The group says that the effort is the result of frustrations over Microsoft's dealings with security researchers, including the company's handling of a flaw reported by researcher Tavis Ormandy.
In a statement provided to V3.co.uk, Microsoft response communications group manager Jerry Bryant said that the company was currently investigating the reported vulnerability, which it believes to only be exploitable by those with local access to, or code already running on, the targeted system.
"To minimise risk to computer users, Microsoft continues to encourage responsible disclosure," Bryant said of the company's dealings with researchers.
"Reporting vulnerabilities directly to vendors helps to ensure that potentially affected customers receive high-quality, comprehensive updates before cybercriminals learn of a vulnerability, and work to exploit it."
Disgruntled researchers take aim at Microsoft
By
Shaun Nichols
on Jul 7, 2010 2:46PM
Protest handling of vulnerability reports.
