Google engineer publicizes Windows zero-day bug, claims Microsoft is ’difficult to work with’

A Google engineer has once again disclosed a Windows flaw. In a Full Disclosure posting to the SecLists mailing list, Tavis Ormandy — an Information Security Engineer at Google — details a vulnerability in Windows 7 and Windows 8 that can be exploited by local users to gain escalated privileges. Security firm Secunia notes that the issue is ”less critical” than other flaws as it’s not a remotely exploitable one. Nevertheless, it appears that Ormandy has taken the full disclosure approach, stating he doesn’t have ”time to work on silly Microsoft code,” rather than Microsoft’s preferred responsible disclosure route that calls for vulnerabilities to be reported privately. Ormandy previously revealed a serious vulnerability in Windows… Continue reading… ]]> http://www.theverge.com/2013/5/23/4358400/google-engineer-bashes-microsoft-discloses-windows-flaw