Windows Bug Found by Google Engineer, Microsoft Issues WarningBy Baselinemag | Posted 2010-06-11 Email Print
Modernizing Authentication — What It Takes to Transform Secure Access
Microsoft issues a security advisory in response to the publication by a Google employee of attack code for a zero-day vulnerability affecting Windows XP and Windows Server 2003.So far, Microsoft has not seen any evidence the vulnerability is being targeted in the wild. However, attacks may be forthcoming since Ormandy's code is public. Microsoft issued a security advisory June 10 after a Google engineer published attack code targeting a Windows zero-day vulnerability on the Full Disclosure message list.
The vulnerability, uncovered by Google engineer Tavis Ormandy, affects "the Windows Help and Support Center function that is delivered with Windows XP and Windows Server 2003," Microsoft said. Other editions of the operating system are not impacted by the bug.