Google engineer posts exploit for Windows kernel bug

News by Dan Kaplan

A Google security engineer posted a working exploit for a Windows kernel privilege escalation vulnerability on Sunday that he publicly disclosed last month.

A Google security engineer posted a working exploit for a Windows kernel privilege escalation vulnerability on Sunday that he publicly disclosed last month.

Tavis Ormandy, who crossed paths with Microsoft three years ago after he published details about a Windows Help and Support Center flaw before the software giant had a fix in place, initially posted the latest bug to the Full Disclosure mailing list back in mid-May.

According to vulnerability management firm Secunia, the weakness could be exploited to escalate privileges or cause a denial-of-service. “The vulnerability is caused due to an error within 'win32k.sys' when processing certain objects and can be exploited to cause a crash or execute arbitrary code with the kernel privilege," according to a Secunia advisory.

"The vulnerability is confirmed on a fully patched Windows 7 x86 Professional and reported on Windows 8. Other versions may also be affected.”

In the case three years ago, Ormandy said he publicly disclosed the vulnerability after he and Microsoft failed to negotiate a timeline for a fix. With the current vulnerability, he appears to never have contacted Microsoft.

"Note that Microsoft [treats] vulnerability researchers with great hostility, and are often very difficult to work with," Ormandy wrote on his personal blog. "I would advise only speaking to them under a pseudonym, using Tor and anonymous email to protect yourself."

Dustin Childs, group manager of Microsoft Trustworthy Computing, told SC Magazine US that the firm is investigating the issue and is not aware of any active attacks.

Ormandy is a Swiss-based researcher at Google, which last week unveiled a strict new policy that asks software vendors to respond within seven days to vulnerabilities being exploited in the wild. In 2010, after its dispute with Ormandy, Microsoft launched a new initiative that attempted to reframe the debate around vulnerability disclosure.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews