Google just published exploit code for a security hole in Windows 8.1 that allows low-level users to gain administrator rights. The security bug was made public as part of Google's Project Zero, which focuses on making computers safer by tackling the problem of zero-day vulnerabilities. Any bug discovered by this project is reported to vendors, which are then given 90 days to fix the hole before Google makes it public.
Microsoft was quick to point out that attackers would "need to have valid logon credentials and be able to log on locally to a targeted machine." While that should limit the damage, it doesn't mean the flaw is harmless -- a disgruntled mid-level employee with some programming skills could wreak serious harm, for instance. Mountain View told us "just to make this absolutely clear, the (bug) was reported to Microsoft on September 30 (along with) the 90-day disclosure deadline statement... which in this instance has passed."