The local privilege escalation vulnerability can be used as a security sandbox escape and was actively exploited in the wild before Google publicly disclosed it. Microsoft isn't pleased because it claims Google's action put users at risk, while Google says it's sticking to its policy, which forces software firms to speed up their response time to fix security vulnerabilities. A similar incident occurred in 2015, when Google also disclosed unpatched holes in Windows.
"Seven days is an aggressive timeline and may be too short for some vendors to update their products," Google said in a blog post in 2013. "But it should be enough time to publish advice about possible mitigations."Google claims that on Windows 10, its Chrome browser prevents the exploit because Chrome's own sandbox is able to block the system call.
Microsoft slammed Google's move. “We believe in coordinated vulnerability disclosure, and today’s disclosure by Google could put customers at potential risk," the company said in an email on Monday.
Via: ComputerWorld