Microsoft livid as Google discloses dangerous Windows flaw after 10-day window

Posted on Wednesday, November 02 2016 @ 10:28 CET by Thomas De Maesschalck
Microsoft is mad at Google because the latter published details about a dangerous security vulnerability in Windows on the Google Security Blog. The search giant says it informed Microsoft about the bug ten days in advance and claims this is enough time to either publish a patch or release details about possible mitigation techniques.

The local privilege escalation vulnerability can be used as a security sandbox escape and was actively exploited in the wild before Google publicly disclosed it. Microsoft isn't pleased because it claims Google's action put users at risk, while Google says it's sticking to its policy, which forces software firms to speed up their response time to fix security vulnerabilities. A similar incident occurred in 2015, when Google also disclosed unpatched holes in Windows.
"Seven days is an aggressive timeline and may be too short for some vendors to update their products," Google said in a blog post in 2013. "But it should be enough time to publish advice about possible mitigations."

Microsoft slammed Google's move. "We believe in coordinated vulnerability disclosure, and today's disclosure by Google could put customers at potential risk," the company said in an email on Monday.
Google claims that on Windows 10, its Chrome browser prevents the exploit because Chrome's own sandbox is able to block the system call.

Via: ComputerWorld

