Google discloses another unpatched Windows flaw, irritates Microsoft

Google released details of a second unpatched privilege escalation flaw in Windows 8.1 in less than a month, drawing criticism from Microsoft.

Microsoft is unhappy with the 90-day public disclosure deadline enforced by Google’s security research team known as Project Zero.

Project Zero members routinely find vulnerabilities in products from other companies. These flaws get reported to the affected software vendors and if they are not patched in 90 days, Google automatically makes the vulnerability details public.

On Dec. 29, Google Project Zero disclosed an elevation of privilege (EoP) vulnerability affecting Windows 8.1 that Microsoft hadn’t yet patched. The vulnerability was reported to Microsoft on Sept. 30, so the 90-day deadline expired, Google said at the time.

To read this article in full or to leave a comment, please click here