Less than two weeks after Google researcher Tavis Ormandy released information about a new Windows zero-day vulnerability on the Full Disclosure mailing list and asked for help in creating an exploit, he has returned with one and added that there is another one already in circulation.
Exploitation of 0-day vulnerabilities is often a real and considerable threat to the Internet - particularly when very popular consumer-level software is the target.
The debate regarding responsible vulnerability disclosure and full vulnerability disclosure has been started many times in the past, and it's an issue that will continue to be debated in the future even though the likelihood of reaching a consensus is practically nil.
Tavis Ormandy - the Google researcher known for discovering a slew of Windows, Java and Flash Player vulnerabilities and zero-days, and for his combative attitude regarding the "responsible disclosure" policy preferred by software companies - has been working on exploiting another Windows zero-day vulnerability and asking for assistance on the Full Disclosure mailing list.
Update: Wednesday, 22 May 2013 - Tal Be'ery: “We had analyzed a screenshot of what we had thought at the time the current EC council site hack.