Microsoft, Google Skirmish Over IE Security Vulnerabilities

The ongoing rivalry between Google and Microsoft flared up again this week, with Microsoft and Google trading words over the work of Google security researcher Michael Zalewski.

Zalewski has worked on a series of security tools -- called "fuzzers" -- that seek to expose bugs and vulnerabilities in popular web browsers. Zalewski reported on several bugs in various versions of Internet Explorer in 2009 and 2010, and reported his findings to the Microsoft security team.

According to Zalewski, Microsoft sat on the information for too long without responding to his work, so he told Microsoft he would take his information public in January 2011. A war of words erupted between Microsoft and Zalewski this week, with The Register reporting that Microsoft spokesperson Jerry Bryant said “At this point, we're not aware of any exploits or attacks for the reported issue and are continuing to investigate and monitor the threat environment for any changes.” In response, Zalewski published his own timeline of events that seemed to contradict Microsoft's PR messaging. (The relevant Microsoft security vulnerability advisory related to this issue can be found here.)

My advice? Keep watching the Microsoft and Google security team blogs for information about the latest browser security vulnerabilities and update your browsers as soon as updates become available.

Follow Jeff James on Twitter at @jeffjames3

Follow Windows IT Pro on Twitter at @windowsitpro

Related Content: