Does Bug Blabbing Help Hackers?

A vulnerability in the online Windows Help and Support Center of Windows XP could enable an attacker to take control of a computer by luring the user to a malicious Web site that hosts attack code. A Google researcher discovered the hole last week before Microsoft had a chance to fix it.

Malicious hackers were already exploiting the hole.

In an article on the CNET news site, Elinor Mills says the “exploits have been taken down from the Web.” But Jerry Bryant, group manager for response communications at Microsoft, said in an e-mail statement that “given public disclosure of full details of the issue” Microsoft expects further attacks.

He reminded the public that the hole does not affect users of Windows 2000, Windows Vista, Windows 7, Windows Server 2008 and Windows Server 2008 R2. An advisory released through Microsoft FixIt encourages Windows XP customers to install the workaround provided.

Tavis Ormandy, the Google researcher who disclosed the vulnerability, claims Microsoft would have ignored him had he not made the hole public. Microsoft representatives and others say he should have given Microsoft time to fix the problem and call his actions irresponsible, says the article.

The CNET article is available at:
http://news.cnet.com/8301-27080_3-20007785-245.html