16 Jun 2010
Security experts have warned that hackers are already exploiting a zero-day vulnerability in Windows Help and Support Center, just days after a Google researcher published exploit code for the attack.
Tavis Ormandy went public with the CVE-2010-1885 vulnerability last week, having given Microsoft just five days to develop a fix. The flaw affects Windows XP and Windows Server 2003.
However, security vendor Sophos warned in a blog post yesterday that a compromised web site has been discovered that exploits the vulnerability by installing Trojan malware which could result in arbitrary code execution on a victim's machine.
Sophos senior technology consultant Graham Cluley launched a scathing attack on Ormandy, arguing that he should have worked with Microsoft to fix the problem and disclosed the vulnerability only when a patch was available.
"Do you feel proud of your behaviour? Do you think that you have helped raise security on the internet? Or did you put your vanity ahead of others' safety?" he wrote in a blog post.
"Five days isn't a sensible period of time to expect Microsoft to develop a fix which has to be tested thoroughly to ensure it doesn't cause more problems than it intends to correct."
Do you agree?
Tavis Ormandy is SCUM SCUM SCUM
I agreed wholeheartedly with the comments from Graham Cluley to that IDIOT Tavis Ormandy. I can't believe that a company such as GOOGLE would act so irresponsibly by allowing their staff to openly publish vulnerabilities in XP considering that a vast amount of people use this OS. With all the computers likely to be compromised before Microsoft issue a proper fix, will GOOGLE and that IDIOT Ormandy take responsibility and COMPENSATE people who have had private information stolen?? WELL DONE GOOGLE - ANOTHER NAIL IN YOUR COFFIN KEEP IT UP AND MORE AND MORE WILL MOVE AWAY FROM USING YOUR PRODUCTS
Posted by: Jack 02 Jul 2010