Microsoft Windows XP Security Issue Revealed by Google Engineer

By Jessica Davis  |  Print this article Print

Following a report by a Google engineer that alleged a security vulnerability in Microsoft Windows XP operating system, Microsoft has issued a security advisory.

Microsoft has issued a security advisory, saying it is investigating reports of a vulnerability in Windows XP and the operating system’s Windows Help and Support Center Function.

Microsoft says the vulnerability could allow remote code execution if a user is lured to a web page or if a user clicks on a "specially crafted link" in an e-mail message.

Those reports that Microsoft says it is investigating came originally from Google. A Google engineer, Tavis Ormandy, posted a vulnerability report to the Full-Disclosure mailing list.   The disclosure was reportedly criticized by Microsoft and other engineers who said it did not follow the responsible disclosure etiquette promoted by Google and others.

Google and Microsoft have locked horns recently, with Google reportedly banning use of Microsoft operating systems by new hires at the company, citing security concerns, and instead giving them a choice of Linux-based PCs or Apple Macs. 

Subscribe to Channel Insider. Click here for our ultra-quick email newsletter registration form.

Jessica Davis covers the channel for eWeek and Channel Insider. Her technology journalism career began well before anyone heard of the World Wide Web and has included stints at Infoworld, Electronic News/EDN, and the Philadelphia Business Journal. Her work has also appeared on CNN and Forbes.com. She has covered hardware, software and networking, as well as the business side of technology. She has won several journalism awards, including a national ASBPE award for best staff-written column, and was named Marketing Computers hardest working tech journalist on their inaugural list of top tech journalists. Jessica can be reached at jessica.davis@ziffdavisenterprise.com