Disgruntled researchers take aim at Microsoft

By

Protest handling of vulnerability reports.

A group of researchers upset about Microsoft's handling of flaws have launched a campaign to publically disclose security vulnerabilities within the company's products.

Known as the Microsoft-Spurned Researcher Collective, the group reported a denial of service vulnerability for Windows Vista and Server 2008.

Along with the report came a warning from the group of further zero-day vulnerability disclosures.

"MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer," the message read.

The group says that the effort is the result of frustrations over Microsoft's dealings with security researchers, including the company's handling of a flaw reported by researcher Tavis Ormandy.

In a statement provided to V3.co.uk, Microsoft response communications group manager Jerry Bryant said that the company was currently investigating the reported vulnerability, which it believes to only be exploitable by those with local access to, or code already running on, the targeted system.

"To minimise risk to computer users, Microsoft continues to encourage responsible disclosure," Bryant said of the company's dealings with researchers.

"Reporting vulnerabilities directly to vendors helps to ensure that potentially affected customers receive high-quality, comprehensive updates before cybercriminals learn of a vulnerability, and work to exploit it."

Disgruntled researchers take aim at Microsoft
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack

Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"

Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks

International Criminal Court hit by cyber attack

International Criminal Court hit by cyber attack

Log In

  |  Forgot your password?