Disgruntled researchers take aim at Microsoft

By on
Disgruntled researchers take aim at Microsoft

Protest handling of vulnerability reports.

A group of researchers upset about Microsoft's handling of flaws have launched a campaign to publically disclose security vulnerabilities within the company's products.

Known as the Microsoft-Spurned Researcher Collective, the group reported a denial of service vulnerability for Windows Vista and Server 2008.

Along with the report came a warning from the group of further zero-day vulnerability disclosures.

"MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer," the message read.

The group says that the effort is the result of frustrations over Microsoft's dealings with security researchers, including the company's handling of a flaw reported by researcher Tavis Ormandy.

In a statement provided to V3.co.uk, Microsoft response communications group manager Jerry Bryant said that the company was currently investigating the reported vulnerability, which it believes to only be exploitable by those with local access to, or code already running on, the targeted system.

"To minimise risk to computer users, Microsoft continues to encourage responsible disclosure," Bryant said of the company's dealings with researchers.

"Reporting vulnerabilities directly to vendors helps to ensure that potentially affected customers receive high-quality, comprehensive updates before cybercriminals learn of a vulnerability, and work to exploit it."

Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:
companysgrouphandlingmicrosoftresearcherssecuritysoftwarevulnerability

Sponsored Whitepapers

Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see
Beyond FTP: Securing and Managing File Transfers
Beyond FTP: Securing and Managing File Transfers
NextGen Security Operations: A Roadmap for the Future
NextGen Security Operations: A Roadmap for the Future
Video: Watch Juniper talk about its Aston Martin partnership
Video: Watch Juniper talk about its Aston Martin partnership
Don’t pay the ransom: A three-step guide to ransomware protection
Don’t pay the ransom: A three-step guide to ransomware protection

Events

Most Read Articles

NBN Co sizes up six-figure customer exodus a year to fixed wireless

NBN Co sizes up six-figure customer exodus a year to fixed wireless
NBN Co to cut 160 applications under $200m IT simplification

NBN Co to cut 160 applications under $200m IT simplification
What to expect from the incoming Labor government

What to expect from the incoming Labor government
NBN Co's 250Mbps and gigabit growth is finally clear

NBN Co's 250Mbps and gigabit growth is finally clear

Digital Nation

COVER STORY: Data and IoT set digital agriculture on a sustainable future
COVER STORY: Data and IoT set digital agriculture on a sustainable future
Lendlease launches its own metaverse in Milan
Lendlease launches its own metaverse in Milan
COVER STORY: A Year in the Metaverse
COVER STORY: A Year in the Metaverse
CTO Juergen Mueller offers a glimpse into SAP's metaverse play
CTO Juergen Mueller offers a glimpse into SAP's metaverse play
Why do DeFi and DAOs matter to business?
Why do DeFi and DAOs matter to business?

Log In

  |  Forgot your password?