:: Deepquest ::

Angered by Microsoft’s recent criticism of third-party security researchers, a group of hackers says it will begin anonymously releasing proof-of-concept exploit code for Microsoft vulnerabilities in retaliation.

The group, which calls itself the Microsoft-Spurned Researcher Collective, usurping the acronym for Microsoft’s own security team, has already released code demonstrating a newly discovered exploit in Windows Vista and Windows Server 2008.

Microsoft, like many other software companies, relies on third-party security researchers for warnings about vulnerabilities in its software. However, the software industry also has taken researchers to task for revealing the details of a potential security hole before affected vendors have had time to issue a patch.

Most recently, Google security researcher Tavis Ormandy, on at least two occasions in the past six months, publicly disclosed security vulnerabilities as well as proof-of-concept code that demonstrates how to exploit them. For example, Ormandy released code last month that ultimately led to more than 10,000 separate attacks on vulnerable computers. That security flaw emanates from the way Windows XP handles files in its Help and Support Center.