Microsoft quietly finding, reporting security holes in Apple, Google products

Microsoft quietly finding, reporting security holes in Apple, Google products

Summary: Since July 2010, Microsoft's vulnerability research team has identified and responsibly disclosed 109 different software vulnerabilities affecting a total of 38 vendors.

SHARE:
TOPICS: Security
100

Researchers at Microsoft have been quietly finding -- and helping to fix -- security defects in products made by third-party vendors, including Apple and Google.

This month alone, the MSVR (Microsoft Security Vulnerability Research) team released advisories to document vulnerabilities in WordPress and Apple's Safari browser and in July, software flaws were found and fixed in Google Picasa and Facebook.

The MSVR program, launched two three years ago, gives Microsoft researchers freedom to audit the code of third-party software and work in a collaborative way with the affected vendor to get those issues fixed before they are publicly compromised.

[ SEE: Microsoft says Google Chrome Frame doubles IE attack surface ]

follow Ryan Naraine on twitterThe team's work gained prominence in 2009 when a dangerous security hole in Google Chrome Frame was found and fixed but it's not very well known that the team has spent the last year disclosing hundreds of security defects in third-party software.

Since July 2010, Microsoft said the MSVR team identified and responsibly disclosed 109 different software vulnerabilities affecting a total of 38 vendors.

More than 93 percent of the third-party vulnerabilities found through MSVR since July 2010 were rated as Critical or Important, the company explained.

"Vendors have responded and have coordinated on 97 percent of all reported vulnerabilities; 29 percent of third-party vulnerabilities found since July 2010 have already been resolved, and none of the vulnerabilities without updates have been observed in any attacks," Microsoft said.

This week's discoveries:

  • A vulnerability exists in the way Safari handles certain content types. An attacker could exploit this vulnerability to cause Safari to execute script content and disclose potentially sensitive information. An attacker who successfully exploited this vulnerability would gain sensitive information that could be used in further attacks.
  • A vulnerability exists in the way that WordPress previously implemented protection against cross site scripting and content-type validation. An attacker could exploit this vulnerability to achieve script execution.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

100 comments
Log in or register to join the discussion
  • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

    And yet, people insist that Microsoft is evil.
    Aerowind
    • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

      @Aerowind

      +1
      reklissrick
    • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

      @Aerowind no longer evil. the evil one is apple now.
      tatiGmail
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @tatiGmail

        ... and Google.
        Badgered
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @tatiGmail

        +1
        mahdi_negahi
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @tatiGmail
        You just have no idea. Microsoft has almost 100% market penetration - virtually a monopoly on the desktop, has killed Symbian and MeeGo, now trying to take down Android, over the decades legally dubious business practices in maintaining their monopoly, so much more people and businesses are locked in to Microsoft products, etc ,too much to list here. And, on visiting a local large electronic retailers, have gotten rid all Logitech hardware, so now there are Microsoft left, and the hundreds of PC with, you guessed it Microsoft - there is no choice just Microsoft hardware and OS. Maybe you weren't around when for over 10 years there was hardly no PC innovation because of Microsoft's collusion with OEM's, Intel and retailers.
        root12
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @root12 - wth? Microsoft killed Symbian and Meego??? How, precisely did they do that?

        It's time to get over Microsoft's prior business practices. The were found out, fined, forced to change their business practices and spent 7 years operating under DOJ oversight.

        As has been amply demonstrated over the last 10 years, there is ample competition in the market where customers want alternatives (e.g. Mobile), but the fact is that most customers do NOT want alternative desktop/laptop OS' which is why they continue to primarily buy Windows.
        bitcrazed
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @tatiGmail +1
        The Douginator
      • Message has been deleted.

        zato_3@...
        • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

          @zato_3@...
          Evil is CNet/ZDNet who continue to be a propaganda agent for Microsoft.
          zato_3@...
      • Message has been deleted.

        Ram U
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @tatiGmail Google.
        Jeremy-UK
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @root12

        When did Microsoft start making it's own computer hardware?
        What innovation did you expect to happen in the last 10 years that we are missing on PC's?
        Turd Furgeson
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @root12 You're FOS. Logitech is alive and well, and I'm mousing and typing with Logitech at this very moment.

        What is "virtually a monopoly"? It is or it ain't. In this case, there's Apple's OS, Linux, BSD, Chrome. There's 2 very popular FREE office suites besides MS Office. There's a multitude of media management/player software. 4 major web browers, plus lots of others to choose from.

        Where is this monopoly. People have a choice, so if the biggest percentage choose MS it's not due to monopoly, it's because whether you like it or not, some of us out here like Microsoft products. If you don't, then use something else, but don't use it to spew the kind of crap you did in this post.
        waterhzrd
    • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

      @Aerowind

      Microsoft learned their lessons though the DOJ and EU.

      Apple has yet to experience the consequences of their anti-competitive behavior...

      [i]~~~~~~~~~~
      Fools say they learn through experience. I prefer to learn through other people's experiences.
      ~ Bismarck

      The only constant is change.
      ~ Confucius

      The words of truth are always paradoxical.
      ~ Lao Tzu

      Hegel was right when he said that we learn from history that man can never learn anything from history.
      ~ George Bernard Shaw[/i]
      WinTard
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @WinTard
        I do not like Apple's ways, and so I don't buy their products. This is not a slam on Apple, but they are basically a toy maker -- very, very compelling and much loved toys. They do not hold dominant market positions in any area in which they compete -- not even in digital music -- and make no "basic" products like steel, food, or transportation. Thus, while I agree that they are bad news, they are also easy to stay away from. If you don't like Apple, just don't use their stuff. You won't miss it.
        x I'm tc
      • Message has been deleted.

        anono
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @WinTard "Change is the only constant" - Buddha long before Confucius was ever born
        prasanna_vps
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        jdakula,

        "They do not hold dominant market positions in any area in which they compete -- not even in digital music"

        That just isn't true, they hold more than 70% of the market for online music, and about 80% of the market for Mp3 players, this is not simply 'dominant' it is overwhelming.


        But market share is ultimately beside the point. The issue is whether or not a company practices anti-competitive behavior, and a company does not need to have 90% market share or more to be anti-competitive.

        And Apple has a lot of anti-competitive practices, for example they require music labels to agree not to offer songs at a lower price somewhere else if they are available from the iTunes store, that's anti-competitive.
        Doctor Demento
      • RE: Microsoft quietly finding, reporting security holes in Apple, Google products

        @Doctor Demento,

        "And Apple has a lot of anti-competitive practices, for example they require music labels to agree not to offer songs at a lower price somewhere else if they are available from the iTunes store, that's anti-competitive."

        That is called a negotiation. Apple must be offering something pretty special to the music labels for them to agree to these conditions n'est pas?
        YaBaby