Anti-Microsoft Group Reveals Windows Zero-Day Bug

Paul Lilly

Forget about a woman scorned, it's an anonymous group of pissed off researchers that's directing their fury at Microsoft. The group, whose members wish to remain anonymous, formed the "Microsoft-Spurned Researcher Collective," and one of their first acts of business was to publish information detailing an unpatched Windows bug as a way of avenging alleged mistreatment of a colleague.

"Due to hostility toward security researchers, the most recent example being of Tavis Ormandy, a number of us from the industry (and some not from the industry) have come together to form MSRC: the Microsoft-Spurned Researcher Collective," the message read. "MSRC will fully disclose vulnerability information discovered in our free time, free from retaliation against us or any inferred employer."

It doesn't take a rocket scientist to figure out that the name of the group is a jab at the Microsoft Security Response Center (MSRC), which is responsible for sniffing out vulnerabilities. But if they're looking to rattle Microsoft's cage, it doesn't appear to be working.

"Our intial analysis of the Proof-of-Concept code supplied has determined that an attacker must be able to log on locally or already have code running on the target system in order to cause a local Denial of Service," said Jerry Bryant, a group manager with the company's MSRC.

Image Credit: TechCrunch

Around the web