Discussion on:
Windows token kidnapping returns to haunt Microsoft

View entire thread
Message 1 of 1
Next »
0 Votes
+ -
RE: Windows token kidnapping returns to haunt Microsoft
Loverock Davidson 16th Jul 2010
Sounds too complicated for anyone to really exploit. You already have to be given privileges on the server before you can run exploit code. I will applaud this guy for having morals and waiting until after the patches are released before talking about it. Ormandy could learn quite a bit from this guy on reporting possible vulnerabilities and how to work with Microsoft when one is found. Til then Ormandy should be shunned as well as Google for not firing him for his actions.
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox