Microsoft patches Windows bugs that got under its skin

Microsoft yesterday patched both Windows vulnerabilities that Google had taken public before the fixes were ready.

The disclosures had irked Microsoft, leading to an unusual dust-up where the company specifically called out Google for allegedly putting Windows customers at risk.

As part of an eight-update Patch Tuesday slate yesterday, Microsoft issued fixes for two Windows bugs that Google security engineer James Forshaw had found and reported in 2014. Forshaw works on the Google Project Zero team, which has a policy of automatically revealing technical details of a flaw, and in most cases sample attack code, too, 90 days after reporting the vulnerability if it has not been patched by then.

To read this article in full or to leave a comment, please click here