Security expert Tavis Ormandy has discovered a vulnerability in the Windows kernel (http://paritynews.com/security/item/1101-google-security-expert-finds-publicly-discloses-windows-kernel-bug) which, when exploited, would allow an ordinary user to obtain administrative privileges of the system (http://www.h-online.com/security/news/item/Google-researcher-discloses-zero-day-exploit-for-Windows-1876170.html). Google's security pro posted the details of the vulnerability back in May through the Full Disclosure mailing list (http://seclists.org/fulldisclosure/2013/May/91) rather than reporting it to Microsoft first. He has now gone ahead and published a working exploit (http://seclists.org/fulldisclosure/2013/Jun/5). This is not the first instance where Ormandy has opted for full disclosure (http://nakedsecurity.sophos.com/2010/06/15/tavis-ormandy-pleased-website-exploits-microsoft-zeroday/)without first informing the vendor of the affected software.

http://tech.slashdot.org/story/13/06/04/1940225/google-security-expert-finds-publicly-discloses-windows-kernel-bug