Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft Spurned Researchers Release 0-Day

Posted by kdawson on from the that's-sure-to-help dept.

nk497 notes the news that a group of researchers calling themselves the Microsoft-Spurned Researcher Collective (the name is a play on Microsoft's Security Response Center) have come together to protest Microsoft's perceived heavy-handedness towards researchers who disclose security flaws. Pushed into action by the reception to the flaw disclosed by Tavis Ormandy, the group has released full details and exploit code for a previously unknown Windows local privilege escalation vulnerability. The advisory for the vulnerability, which affects Windows Vista and Windows Server 2008, contains the following manifesto: "Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective. MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."

2 of 246 comments (clear)

  1. Re:So... by gandhi_2 · · Score: 1, Offtopic

    s/Microsoft/Just About All Major Software Companies/

    --
    THL phish sticks
  2. Re:Not to side with Microsoft, but... by Blakey+Rat · · Score: 0, Offtopic

    Meanwhile, everybody's ignoring the sieve-like Adobe suite of products which are infecting thousands of new computers every day.

    --
    Comment of the year