Google developer Tavis Ormandy has discovered and published a vulnerability in Windows XP and Windows Server 2003. Numerous vulnerabilities are discovered in Windows and other Microsoft programs, but the software company usually tries to keep the information secret until it is ready with a patch.
Tavis Ormandy informed Microsoft about the hole on 5 June and went public with the information only four days later, on 9 June. He justifies this with the fact that the vulnerability is already being actively exploited.
But Microsoft is anything but enthusiastic about this revelation. In a blog post, the software company expresses its frustration. Microsoft believes that it is irresponsible to expose the hole before the patch is finished and assesses that it will entail a greater risk to users.
The security hole can be exploited by embedding special commands in a URL. When the victim opens this URL, a remote administration tool starts on the computer, through which the attacker can then execute arbitrary commands on the machine.
Ormandy has even released a hotfix that should fix the error, but Microsoft believes that this is virtually worthless. Microsoft has its own advice on what you can do to minimize risk.
