Microsoft’s vulnerability research team has discovered two new security holes in products that are not even its own. This is part of Microsoft’s ongoing attempt to quietly find and help fix security defects in products made by third-party vendors, including competitors such as Apple and Google.
Since this program started back in July of 2010, Microsoft has been working to identify and help fix 109 different software vulnerabilities affecting over 35 different vendors. “Vendors have responded and have coordinated on 97 percent of all reported vulnerabilities; 29 percent of third-party vulnerabilities found since July 2010 have already been resolved, and none of the vulnerabilities without updates have been observed in any attacks,” Microsoft said.
So what did Microsoft discover this time?
1) A vulnerability exists in the way Safari handles certain content types. An attacker could exploit this vulnerability to cause Safari to execute script content and disclose potentially sensitive information. An attacker who successfully exploited this vulnerability would gain sensitive information that could be used in further attacks.
2) A vulnerability exists in the way that WordPress previously implemented protection against cross site scripting and content-type validation. An attacker could exploit this vulnerability to achieve script execution.
This research program gives Microsoft researchers the freedom to poke around in the code of third-party software and work with the vendors to identify and resolve security issues before the software is publicly compromised.
Could this be a public relations tactic or a genuine effort on the company’s part? One can argue that Microsoft is simply fighting back by doing the same thing Google did when it shed light on numerous vulnerabilities in Microsoft’s products. Apple has even stated that its products are more secure than Microsoft’s products.