Microsoft has suffered an attack by hackers who have exploited a bug that was disclosed two months ago by an Google researcher, leading to a backlash from the software giant over not being notified of the vulnerability before going public.
In an advisory by Microsoft today the software giant announced hackers had launched “targeted attacks” on some of its computers.
It is unclear as to whether information disclosed by Google’s security engineer Tavis Ormandy in May could have in any way resulted aided the hackers, with some analysts saying the technical information exposed by the researcher was too revealing, although Microsoft has declined to link the two scenarios.
Ormandy in a blog post advised researchers to use pseudonyms and anonymous mails when communicating with Microsoft, citing security flaws.
Ormandy listed a host of vulnerabilities which he warned could be exploited by “malicious, local users to disclose sensitive information, cause a DoS (Denial of Service), and potentially gain escalated privileges and by malicious people to potentially compromise a vulnerable system”.
