Microsoft 0-Days

rated by 0 users
This post has 6 Replies | 3 Followers

Top 10 Contributor
Posts 5,054
Points 60,735
Joined: May 2008
Location: U.S.
Moderator
3vi1 Posted: Wed, Jul 7 2010 8:15 AM

Looks like MS shouldn't have cast Tavis Ormany in such a negative light when he pointed out that 17-year old flaw that lets you own all 32-bit Windows boxes.

http://news.softpedia.com/news/Upset-Security-Researchers-Start-Releasing-Microsoft-0Days-146251.shtml

 

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 35
Top 25 Contributor
Posts 3,798
Points 40,665
Joined: Jan 2010
Location: New York
Inspector replied on Wed, Jul 7 2010 10:20 PM

lol, now lets see who got owned... Thats right, its Microsoft, oh wait... and everyone else the exploits  affect!

 

Microsoft can fix this easily... you know they have a time machine! :P lol j/k

Top 50 Contributor
Posts 3,112
Points 38,335
Joined: Aug 2003
Location: Texas
acarzt replied on Fri, Jul 9 2010 12:34 AM

I wish I could see the link... but I can't since i'm at work :-(

Cliff notes?

  • | Post Points: 20
Top 10 Contributor
Posts 5,054
Points 60,735
Joined: May 2008
Location: U.S.
Moderator
3vi1 replied on Fri, Jul 9 2010 8:54 AM

Your work doesn't let you view news articles at Softpedia, but allows HotHardware forums?  Sounds like a bizarre filtering system.

Here's a summary:

A group of security researchers have released full details and exploitation code for an unpatched Windows local privilege escalation vulnerability. The researchers openly stated that they will continue to do so in response to how Microsoft treated Tavis Ormany, the Google engineer blamed for disclosing a critical Windows bug publicly last month.

The advisory for a new zero-day vulnerability affecting Windows Vista and Windows Server 2008 contains an interesting manifesto which reads: "Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective. MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."...

They go on to discuss a couple of other zero-day vulnerabilities that have been disclosed in the past week by other people.  I wouldn't worry though; I'm sure these bugs will be fixed in six years.

Here's a link to the MSRC vulnerability at securityfocus: http://www.securityfocus.com/bid/41280/discuss

What part of "Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn" don't you understand?

++++++++++++[>++++>+++++++++>+++>+<<<<-]>+++.>++++++++++.-------------.+++.>---.>--.

  • | Post Points: 20
Top 50 Contributor
Posts 3,112
Points 38,335
Joined: Aug 2003
Location: Texas
acarzt replied on Sat, Jul 10 2010 12:39 AM

lol... yea I can go to a few forums but then they block stupid stuff for outrageous reasons lol

Also that's pretty hilarious.. but really it sounds like they are doing microsoft a favor.

People spend a lot of money to research these types of vulnerabilities lol

  • | Post Points: 20
Top 50 Contributor
Posts 3,236
Points 37,910
Joined: Mar 2010
AKwyn replied on Sat, Jul 10 2010 3:02 AM

If Microsoft wants to retake their position as #1 tech company in the world then they should fire the people who find flaws and let these people work for free. What? It could work.

 

"The future starts with you; now start posting more!"

  • | Post Points: 20
Top 50 Contributor
Posts 3,112
Points 38,335
Joined: Aug 2003
Location: Texas
acarzt replied on Sun, Jul 11 2010 12:55 AM

nah, just get all the hackers riled up and they'll find all the flaws for you real quick lol

  • | Post Points: 5
Page 1 of 1 (7 items) | RSS