Microsoft None Too Happy About Latest Windows Flaw Disclosure
l33tdawg: "Microsoft is disappointed that Xfocus took actions that could put computer users at risk..." Blah blah blah -- they're just pissed off yet another vuln was discovered and that they weren't told about it and given 6 - 8 months to patch it before agreeing to allow any release of any information. Boo hoo! :P
Microsoft Corp. on Monday chided a private research outfit for releasing proof-of-concept code for three potentially serious flaws in the Windows operating system, warning that irresponsible disclosure was not in the best interest of consumers.
The software giant's rebuke comes five days after a Chinese community group called Xfocus Team said it discovered several high-risk vulnerabilities affecting multiple versions of Windows. A spokeswoman for Microsoft said the company is actively investigating the Xfocus Team's findings, which were re-released by anti-virus vendor Symantec Corp. but attributed to a different researcher.
"Microsoft is disappointed that Xfocus took actions that could put computer users at risk by not following the commonly accepted industry practice of privately reporting security vulnerabilities to software vendors," the spokeswoman said.
She called on private researchers to follow the procedure for responsible disclosure, which she said allows vendors to review the reports for accuracy and to determine the best response for customers.
According to the Xfocus advisory, which was confirmed by Symantec Security Response, the most serious of the three vulnerabilities involves the Windows LoadImage API function.