Microsoft has issued a security advisory, saying it is investigating reports of a vulnerability in Windows XP and the operating system’s Windows Help and Support Center Function.
Microsoft says the vulnerability could allow remote code execution if a user is lured to a web page or if a user clicks on a “specially crafted link” in an e-mail message.
Those reports that Microsoft says it is investigating came originally from Google. A Google engineer, Tavis Ormandy, posted a vulnerability report to the Full-Disclosure mailing list. The disclosure was reportedly criticized by Microsoft and other engineers who said it did not follow the responsible disclosure etiquette promoted by Google and others.
Google and Microsoft have locked horns recently, with Google reportedly banning use of Microsoft operating systems by new hires at the company, citing security concerns, and instead giving them a choice of Linux-based PCs or Apple Macs.