Computer Terrorism issued a security advisory on Monday and published proof-of-concept code demonstrating how a known flaw in Internet Explorer could be used to execute code. The method could be used by an attacker to take control over a system.
It is common practice in the security industry to allow software vendors time to develop a patch before details about any vulnerabilities are published. Such details could help malware authors in creating exploits for the flaw and could put the security of end users at risk.
Microsoft is alleging that Computer Terrorism broke with that practice. " Microsoft is disappointed that certain security researchers have breached common industry practices and published proof-of-concept code potentially harming computer users," a company spokesman told vnunet.com.
"Microsoft continues to urge security researchers to disclose vulnerability information responsibly and allow customers time to deploy updates so that they do not aid criminals in their attempt to take advantage of software vulnerabilities."
However, senior security research analyst Simon Robinson argued that Computer Terrorism had no choice. The Internet Explorer flaw was originally published in May but at the time was considered to form only a minor security threat.
"It should never have been classified as a low-level vulnerability," Robinson told vnunet.com. "It should have been a moderate risk. When we picked up that it could be exploitable, we were astonished at how easy it was."
By going public the firm sought to warn end users that they were facing a severe risk. "We had a strong belief that is was already being exploited in the wild," said Robinson.
He emphasised that the firm is talking to Microsoft about the security report and in other cases does follow the industry's non-disclosure guidelines.
"This case where the severity rating of a known flaw had to be elevated to 'highly critical' is unprecedented and justified a deviation from common practices," he said.
Cotton seedling freezes to death as Chang'e-4 shuts down for the Moon's 14-day lunar night
Fortnite easily out-earns PUBG, Assassin's Creed Odyssey and Red Dead Redemption 2 in 2018
Meteor showers as a service will be visible for about 100 kilometres in all directions
Saturn's rings only formed in the past 100 million years, suggests analysis of Cassini space probe data
New findings contradict conventional belief that Saturn's rings were formed along with the planet about 4.5 billion years ago