Security Experts Rally…Against Microsoft

In the world of computer security, the industry-standard best practice is a process called “responsible disclosure”: when a security issue is discovered in a software product, the discoverer reports the problem to the software vendor and gives them time to develop a patch or workaround. Once a fix is available, the bug’s discoverer (or the affected software company) can make information about the bug public. The idea is to reduce (or eliminate) the amount of time knowledge about the problem is floating around the Internet with no fix available.

Now, an anonymous group of security researchers has become frustrated with the “hostility” displayed by software giant Microsoft to outside security researchers, and has decided to throw responsible disclosure to the wind. Naming themselves the Microsoft-Spurned Researchers Collective—MSRC, a play on Microsoft’s own Microsoft Security Response Center—they have pledged to fully disclose any vulnerabilities they uncover, without first reporting the problems to Microsoft so the company can evaluate them and develop a fix. To make good on their charter, the group disclosed a vulnerability in Windows Vista and Server 2008 that could be used to crash systems and, potentially, execute malicious code.

The anonymous group cites Microsoft’s recent treatment of Tavis Ormandy as the incentive for their action; Ormandy found the 17-year-old security problem in Windows’ Virtual DOS Machine and more recently reported a significant security issue with Windows XP’s Help Center. Microsoft identified Ormandy as a Google employee; Ormandy maintains his reports to Microsoft were independent of Google and the company’s name should not have been used.

If the Microsoft-Spurned Researcher Collective gains momentum—and is able to deliver up significant security vulnerabilities to the general public—the group could be a boon to attackers and malware developers always looking for new ways to break into Windows systems. However, the group’s existence highlights the often contentious relations between software vendors and security researchers: while the vast majority of security issues are reported and patched without public drama, software makers do need to be mindful of how they interact with broader computer security communities.

Geoff Duncan
Former Contributor
Geoff Duncan writes, programs, edits, plays music, and delights in making software misbehave. He's probably the only member…