Google's Threat Analysis Group has disclosed a critical vulnerability in Windows. The disclosure was posted on the tech company's official blog. Google pointed out that the public release of the security flaw is in accordance with its own policy. Microsoft is not particularly welcoming of the disclosure.
The Vulnerability In Windows
Google disclosed the vulnerability in Windows 10 days after Microsoft was informed about it. However, Microsoft has yet to fix the flaw. According to The Verge, the bug found in Windows allows attackers to escape from security sandboxes. Apparently, they are able to do so by exploiting a flaw in the win32k system.
Google pointed out that the public release is in accordance with its published policy for actively exploited critical vulnerabilities. Under that policy, disclosure is set to come after 7 days. Microsoft seems to need more days to come up with a patch. Google explained that the vulnerability can be serious since it is being actively exploited.
Patch For The Flash Vulnerability
Along with Microsoft, Adobe was also informed on Oct. 21 about a Flash vulnerability. Adobe had already patched it on Oct. 26, according to Venture Beat. The patch is already in the latest version of Flash. Users are advised to update Flash to the latest version.
Meanwhile, Google encouraged Windows users to apply the patches from Microsoft for the Windows vulnerability once they are available.
Microsoft has issued a statement to Venture Beat about the issue. The statement does not address the availability of the needed patch for Windows. A spokesperson said that the Google disclosure puts customers at potential risk. The spokesperson added that the company believes in coordinated vulnerability disclosure.
Microsoft reiterates that Windows is the "only platform with a customer commitment to investigate reported security issues and proactively update impacted devices". The tech company assures customers that Windows 10 and the Microsoft Edge browser offer the best protection.
Venture Beat further reports that a source close to Microsoft shared that the exploit Google describes requires the Flash vulnerability. This means that the Windows vulnerability is alleviated once Flash is patched.