ID: IRCNE2013061876
Date: 2013-06-18
According to "zdnet", this month's Patch Tuesday saw five updates in total — one rated "critical" and four "important." But a key Windows vulnerability discovered weeks ago by a Google engineer still hasn't been patched.
Google information security engineer Tavis Ormandy discovered a bug in Windows 2000, Windows XP, and above, including Windows Server 2003 and 2008, that affects the user privileges of the logged-on user.
He made the zero-day flaw public, citing Microsoft as being "often very difficult to work with," and "treat[ing] vulnerability researchers with great hostility."
The software giant said it was not aware of any attacks and had not issued an advisory confirming the flaw.
Microsoft on Thursday confirmed the Google-discovered bug was not included in June's Patch Tuesday.
Microsoft Trustworthy Computing group manager Dustin Childs said in an emailed statement to ZDNet, "Microsoft carefully investigates newly discovered vulnerabilities and rigorously tests security updates on the affected operating systems and applications, and delivers solutions once they are ready."
- 3