Google Information Security Engineer Tavis Ormandy publicly disclosed a bug in the Windows operating system in May, and Microsoft now claims there have been “targeted attacks” using the vulnerability. In a security bulletin issued on Tuesday, the software maker notes it was made aware of attackers using the bug to elevate security privileges in Windows. “Microsoft detected targeted attacks after the issue described by CVE-2013-3660 became publicly known,” says Microsoft’s Dustin Childs in a statement issued to The Verge. Targeted attacks is a term usually used to describe malicious malware or threats to specific industry’s or organizations.
Ormandy, who claims Microsoft is difficult to work with, revealed the bug publicly in a full…
Read more at The Verge