Is Google Right In Disclosing A Critical Vulnerability In Windows? Why Microsoft Is Not Happy
Google's Threat Analysis group has disclosed a critical vulnerability in Windows. The revelation is posted in the tech company's official blog. Google pointed out the public release of the said security flaw is in accordance to its own policy. Microsoft is not particularly welcoming of the disclosure.
The Vulnerability In Windows
Google has disclosed the vulnerability in Windows, 10 days after Microsoft was informed about it. However, the tech giant has yet to fix the flaw. According to The Verge, the bug found in Windows allows attackers to escape from security sandboxes. Apparently, they are able to exploit the flaw in the win32k system.
Google pointed out that the public release is in accordance to their published policy for actively exploited critical vulnerabilities. The set duration of the disclosure should actually be after 7 days. Microsoft seems to need more days to come up with a patch. Google explained that the vulnerability can be serious since it is being actively exploited.
Patch For The Flash Vulnerability
Along with Microsoft, Adobe was also informed on Oct. 21 about a Flash vulnerability. Adobe had already patched it on Oct. 26, according to the Venture Beat. The patch is already in the latest version of Flash. Users are advised to update their Flash to the recent version.
Meanwhile, Google encouraged those with Windows OS to apply the patches from Microsoft once they are available for the Windows vulnerability.
Microsoft has issued a statement to Venture Beat about the issue. This does not include the availability of the needed patch for Windows. A spokesperson said that the Google disclosure puts customers at potential risk. The spokesperson added that the company believe in coordinated vulnerability disclosure.
Microsoft reiterates that Windows is the "only platform with a customer commitment to investigate reported security issues and proactively update impacted devices". The tech company ensure customers that Windows 10 and the Microsoft Edge browser offer the best protection.
Venture Beat further reports that a source close to Microsoft shared that the exploit Google describes requires the Flash vulnerability. This means that the Windows vulnerability is alleviated with the patched Flash.
HTC Will Build Another Flagship Phone, Even After Billion-Dollar Deal with Google
HTC is showing signs of revival with the announcement of $1.1 billion smartphone business deal with Google.
Google Replacing Defective Nexus 6Ps with Pixel XL for Free
Owners of defective Nexus 6P units in the US and Canada are now receiving Google Pixel XL as free replacement.
Google Pixel Users on Oreo Complain of Unexpected Mobile Data Shutdown
Google has acknowledged mobile data issues with Pixels running on Oreo update via its official product forums.
Google Announces Permanent Shut Down of Drive App for PC and Mac
Google Drive app gets its end of support date for December 11 and the end of life date for March 12, 2018.
Android O Launching Today As "Android Oreo," Suggests Leaked Image: How to Watch Livestream
Google is all set to release its next mobile operating system aka Android O today.
MORE IN ITECHPOST
How to Protect Yourself on Facebook
Facebook is an application that takes on an all-encompassing role in our social media lives. It is a space where we communicate with friends and family about our personal lives, browse through an endless stream of content, and interact with other companies and entities on groups and pages.
How Do Personal Emergency Response Systems Work?
Personal emergency response systems, known as PERS for short, are systems that help people to raise the alarm and get immediate help when a medical or personal emergency occurs. They are ideal for older people and anyone with a mobility issue or an injury or illness that can cause falls.
The 9 Most Popular (And Fun) Internet Games of 2019
Are you bored of board games? What are the most popular internet games from this year? These nine are popular for a reason. Check 'em out!