This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-23255086

The article has changed 4 times. There is an RSS feed of changes available.

Version 1 | Version 2 (about 4 hours later)
PCs attacked after Google worker revealed Microsoft bug
Version 1: A Windows bug publicised by a Google engineer has been exploited by hackers, according to Microsoft.
Version 2: An Internet Explorer bug publicised by a Google engineer has been exploited by hackers, according to Microsoft.
The firm flagged "targeted attacks" in its latest security bulletin.
It did not, however, draw a direct link to researcher Tavis Ormandy, who revealed the flaw in May without discussing it first with Microsoft.
Microsoft released a fix several days after the revelation. It was not the first time Mr Ormandy had gone public with Microsoft bugs.
Version 1: The engineer's most recent post on the Full Disclosure site was criticised by a security expert, because he not only mentioned the existence of the bug but actually provided technical details of the vulnerability in Windows 7 and Windows 8, among other versions of the system, that could be exploited by hackers.
Version 2: The engineer's most recent post on the Full Disclosure site was criticised by a security expert, because he not only mentioned the existence of the bug but actually provided technical details of the vulnerability in Windows 7 and Windows 8 that could be exploited by hackers.
Version 1: "This security update resolves two publicly disclosed and six privately reported vulnerabilities in Microsoft Windows. The most severe vulnerability could allow remote code execution if a user views shared content that embeds TrueType font files," the software maker posted on its Security Bulletin page.
Version 2: "Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8," the software maker posted on its Security Bulletin page.
Version 1: Microsoft explained that the vulnerability could allow an attacker to "take complete control of an affected system".
Version 2: Microsoft explained that the vulnerability could allow an attacker to "gain the same user rights as the current user", permitting a hacker to change their target's PC settings.
Acting in his own personal capacity and not as a Google employee, Mr Ormandy initially revealed the flaw on 17 May.
He then asked for help in dealing with the issue. "I don't have much free time to work on silly Microsoft code, so I'm looking for ideas on how to fix the final obstacle for exploitation," he wrote on the site.
Three days later, the engineer posted on Full Disclosure again, this time offering the full demonstration code.
"I have a working exploit that grants system on all currently supported versions of Windows," he wrote. "Code is available on request to students from reputable schools."
Irresponsible behaviour?
In a blog post shortly before the disclosure, Mr Ormandy wrote that Microsoft was "often very difficult to work with".
He also advised researchers to use pseudonyms when dealing with the software giant, adding that Microsoft treated "vulnerability researchers with great hostility".
In 2010, Mr Ormandy also posted publicly about a flaw in Windows XP - just five days after informing Microsoft about it.
Graham Cluley, an independent analyst who previously worked for security firm Sophos, said back then that the revelation had left people "wondering whether this was a responsible way for a Google employee to behave".
"I'm sure, however, that they would rather have fixed this vulnerability behind closed doors, without exploit code circulating in the wild, and would have preferred if this Google engineer had acted responsibly," he added.