Google Points Out Windows XP Flaw: Leaves Microsoft Fuming!

Windows Help and Support Center offers Web-based technical support to users. A Google researcher, Tavis Ormandy, not only found a zero-day vulnerability that he says makes things easy for a remote attacker, but also publicly demonstrated how the error works.

The error is said to be in the Help and Support Center, which supports remote links to help through hcp:// addresses. Windows XP SP2 introduced a restricted mode for the program, in which only links from addresses on a special whitelist are given access. The flaw allows this whitelist to be bypassed.

Tavis Ormandy disclosed this error to the public. According to him, this flaw enables an attacker to execute code and take complete control of a victim’s machine. This exploit works in Windows Server 2003 and Windows XP and works on several major browsers, including IE8.

Microsoft was none too happy with this public disclosure and showed its displeasure at what it called “irresponsible disclosure” by Ormandy, for revealing details of the vulnerability so quickly. According to Mike Reavey, director of the Microsoft Security Response Center Blog, the error was reported to them by the researcher on June 5, and their engineers had only three days to investigate the issue before it was made public.

He said, “Public disclosure of the details of this vulnerability and how to exploit it, without giving us time to resolve the issue for our potentially affected customers, makes broad attacks more likely and puts customers at risk.”

He wrote in the blog, “We have initiated our emergency response process and will continue to monitor the threat landscape for any signs of attack against this issue. Our Microsoft Active Protections Program (MAPP) partners have detailed information about this vulnerability and are developing protections where possible.”

Google, for its part, says that Ormandy acted independently, conducting the research in his personal time, and that this has nothing to do with Google.

It is being said that this is not the first time Ormandy has taken it upon himself to disclose a Microsoft-related vulnerability. Given the competition and rivalry between Google and Microsoft, with Google saying no to the use of Windows internally for security reasons, people in the know wonder whether Ormandy is intentionally bringing negative attention to Microsoft's security processes.

Written by

Usha is currently a freelance writer and internet marketer. She has worked as a freelance writer for many years and has been an active internet marketer for six years. Having worked in the health field for ten years in a senior management position, she has varied interests. She writes on a variety of topics, including business, management, health, tech and a host of others. She is also the author of an e-book on internet marketing, which will be launched soon. Her future plans include publishing a non-fiction novel.
