Google has gone ahead and published a new Windows 8.1 vulnerability that allows low level users to gain administration privileges. The vulnerability was revealed this week but unfortunately, there is currently no fix from Microsoft. According to Google, the company gave Microsoft plenty of time to address the loophole, 90 days in total.
The discovery came from Google’s Project Zero, which is aimed at discovering weaknesses in software and reporting them. While some are critical of Google for making the vulnerability public before a fix was issued, the company maintains that 90 days should have been more than enough time to get a patch out.
Speaking with Engadget, a Google representative said: “On balance, Project Zero believes that disclosure deadlines are currently the optimal approach for user security — it allows software vendors a fair and reasonable length of time to exercise their vulnerability management process, while also respecting the rights of users to learn and understand the risks they face”.
Google may still change its Project Zero policies as it will be closely monitoring the affects of making vulnerabilities public.
Microsoft has since confirmed that it is finally working on fixing this security flaw, it will likely arrive as part of a Windows Update soon.
Discuss on our Facebook page, HERE.
KitGuru Says: If Google had kept quiet about this vulnerability, how long would it have taken for Microsoft to fix it?