Google security engineer’s disclosure of Windows flaw may have led to recent targeted attacks

Reading time icon 2 min. read

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more


A Google security engineer by the name of Tavis Ormandy disclosed a flaw in the Windows kernel driver Win32k.sys back in May of this year, which may have led to a recent targeted attacks. These targeted attacks were geared towards corporate and government targets.

Back in May of this year, a Google security engineer, Tavis Ormandy, revealed the security flaw on a blog post and asked for help in fixing the final obstacle for exploitation, claiming that he doesn’t have “much free time to work on silly Microsoft code.” Ormandy claimed that Microsoft had a knack for treating outside researchers with hostility. Microsoft responded to the issue claiming that they were investigating.

Ormandy came under scrutiny because he revealed technical information about the exploit on the internet, which can typically help malicious hackers learn or launch attacks. Microsoft had not yet released an update to fix the issue.

Microsoft officials have not revealed if these targeted attacks were based on Ormandy’s full disclosure of the vulnerability. The attacks towards corporate and government targets were based on an exploit in the Windows kernel driver Win32k.sys, which Ormandy disclosed two months prior.

Ormandy was also scrutinized for the way he based Microsoft, stating that one must speak to Microsoft using pseudonyms and anonymous email and that the software giant was hostile towards outside researchers. Microsoft has not offered a comment on this story.