This week, Google went ahead and disclosed details surrounding a critical vulnerability currently present in Windows and it turns out that Microsoft isn’t too pleased about it. The vulnerability is apparently being actively exploited by hackers, something that Google apparently knew about prior to making the bug public.
Google disclosed the issue privately to Microsoft back on the 21st of October but went public with it just ten days later, before Microsoft could issue a fix. Google describes the flaw as a “local privilege escalation in the Windows kernel”, this can be used by attackers to break into Windows systems.
This isn’t the first time that Google has pulled the rug out from under Microsoft when it comes to vulnerabilities. Google went public with two Windows 8.1 issues in 2015 before a patch was ready. In a statement given to VentureBeat, Microsoft fired back at Google for putting customers at potential risk:
“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk. Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”
Right now, there is no news on when this vulnerability will be fixed but Microsoft should be working on it as fast as possible now that everything is out in the open.
Discuss on our Facebook page, HERE.
KitGuru Says: While there are some companies out there that will ignore critical security errors unless they are publicly outed, Microsoft isn’t really in a position to do that with Windows. Hopefully, a patch for this comes soon. Do you guys think Google should have publicly disclosed this bug so soon after informing Microsoft? Do you think Microsoft should have been quicker in patching?