This month’s Patch Tuesday update, set to go live in mere hours, looks like it come with a fix for the Windows kernel vulnerability that was reported by a Google researcher by the name of Tavis Ormandy.
Microsoft recently announced that it would be releasing seven different security bulletins as part of July’s Patch Tuesday cycle, and while both Windows and Internet Explorer are set to receive updates, the amount of critical fixes is rather high — at six bulletins marked as Critical.
The latest on this is that Microsoft will also fix the Windows kernel flaw that was recently unearthed by the Google researcher. Redmond was expected to patch it a bit sooner, but it is good to see that this little problem will finally be fixed this month.
Ormandy actually found the flaw a couple of months back, but after trying to contact Microsoft in order to provide more information about the vulnerability, he decided to make all details public.
The reason cited by the Google researcher was, in his own words, that Microsoft treats vulnerability researchers with great hostility and the company is quite often very difficult to work with.
Obviously, this is his side of the story, but nevertheless, Ormandy decided to publish the exploit online in order to force the software giant to pay it due attention and patch it sooner.
This month’s Patch Tuesday updates are set to go live sometimes tomorrow (July 9), so be on the lookout in order to fix this kernel flaw and other vulnerabilities.
All Comments
Read between the lines. Does google have a team devoted to exposing windows bugs directly to hacker (as apposed to privately telling MS so they can fix it before it hurts me, the windows user)?
Microsoft is paying “vulnerability researchers ” to find faults in their code, that really is “great hostility” isn’t it?
Well, maybe Tavis Ormandy could not just get on that list 🙂