Is Google Right In Disclosing A Critical Vulnerability In Windows? Why Microsoft Is Not Happy

Google's Threat Analysis group has disclosed a critical vulnerability in Windows. The revelation is posted in the tech company's official blog. Google pointed out the public release of the said security flaw is in accordance to its own policy. Microsoft is not particularly welcoming of the disclosure.

The Vulnerability In Windows

Google has disclosed the vulnerability in Windows, 10 days after Microsoft was informed about it. However, the tech giant has yet to fix the flaw. According to The Verge, the bug found in Windows allows attackers to escape from security sandboxes. Apparently, they are able to exploit the flaw in the win32k system.

Google pointed out that the public release is in accordance to their published policy for actively exploited critical vulnerabilities. The set duration of the disclosure should actually be after 7 days. Microsoft seems to need more days to come up with a patch. Google explained that the vulnerability can be serious since it is being actively exploited.

Patch For The Flash Vulnerability

Along with Microsoft, Adobe was also informed on Oct. 21 about a Flash vulnerability. Adobe had already patched it on Oct. 26, according to the Venture Beat. The patch is already in the latest version of Flash. Users are advised to update their Flash to the recent version.

Meanwhile, Google encouraged those with Windows OS to apply the patches from Microsoft once they are available for the Windows vulnerability.

Microsoft's Response

Microsoft has issued a statement to Venture Beat about the issue. This does not include the availability of the needed patch for Windows. A spokesperson said that the Google disclosure puts customers at potential risk. The spokesperson added that the company believe in coordinated vulnerability disclosure.

Microsoft reiterates that Windows is the "only platform with a customer commitment to investigate reported security issues and proactively update impacted devices". The tech company ensure customers that Windows 10 and the Microsoft Edge browser offer the best protection.

Venture Beat further reports that a source close to Microsoft shared that the exploit Google describes requires the Flash vulnerability. This means that the Windows vulnerability is alleviated with the patched Flash.

© 2021 iTech Post All rights reserved. Do not reproduce without permission.

More from iTechPost