Google Security Expert Finds, Publicly Discloses Windows Kernel Bug

Posted by Soulskill on Tuesday June 4, 2013 @09:15AM from the second-verse-same-as-the-first dept.

hypnosec writes "Security expert Tavis Ormandy has discovered a vulnerability in the Windows kernel which, when exploited, would allow an ordinary user to obtain administrative privileges of the system. Google's security pro posted the details of the vulnerability back in May through the Full Disclosure mailing list rather than reporting it to Microsoft first. He has now gone ahead and published a working exploit. This is not the first instance where Ormandy has opted for full disclosure without first informing the vendor of the affected software."

1 of 404 comments (clear)

Min score:

Reason:

Sort:

Re:Seriously, by LordLimecat · 2013-06-04 09:53 · Score: 1, Redundant

He reported the bug back in May.
If I recall, the proper thing to do when there is neither a timeline nor a patch in a reasonable timeframe is to post the PoC to force the vendor to respond.