Google unveils Windows 8.1 vulnerability, releases sample code

Google security researchers were being criticized on Monday for releasing details of a Windows 8.1 vulnerability together with proof-of-concept code that can be used to exploit it.

“The bad guys don’t need to be spoon-fed that stuff,” said John Shier, security adviser at UK-based Sophos.

Google’s Project Zero security research team first discovered the vulnerability in September, and reported it to Microsoft. It allows an application to run with administrator privileges when it shouldn’t.

With that initial issue report, Google included a note of warning to Microsoft: “This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.”

To read this article in full or to leave a comment, please click here