Microsoft this week said a pair of vulnerabilities, including one publicly disclosed by a Google security engineer in May, had been exploited in the wild before they were patched on Tuesday.
From Computerworld:
From Computerworld:
"Microsoft was aware of this vulnerability being used to achieve elevation of privilege in targeted attacks," the firm said in a security bulletin Tuesday that covered eight flaws in Windows' kernel-mode drivers -- one of them the vulnerability revealed two months before by Google researcher Tavis Ormandy.Targeted attacks exploit now-patched Windows bug revealed by Google engineer
Ormandy, who has had a contentious relationship with Microsoft for years, posted information about a then-unpatched bug in Windows on May 17. At the time, Ormandy called Microsoft's code "silly" and claimed that the Google rival had treated outside researchers with "great hostility" and was "very difficult to work with."