Windows Flaw Found
An elevation-of-privilege flaw exists, and Microsoft is keeping the info close to its vest. Apparently the flaw is a true flaw in that a proof-of-concept exercise exploited the hole.
I'm all for transparency but not a big fan of detailing a hole to hackers before it's plugged.
In another cool move, the code that attacks the hole has been removed from the Web. Classy move.
When should vulnerabilities become public? Put on your white, gray or black hat and share your views at email@example.com.
Posted by Doug Barney on 12/01/2010 at 1:18 PM