After facing criticism for disclosing Windows 8.1 security
bugs earlier this week, Google has pointed out yet another security flaw in
Microsoft’s infamous operating system.
Google has revealed two bugs, one of which allows attackers to impersonate a user
and decrypt data on Windows 7 and Windows 8.1 machines.
Google’s Project Zero scours the Internet to identify
vulnerabilities around the Web, in apps and in communication services, before
bringing them to light and possibly quashing them. Google gives companies 90
days to address issues and reveals them to the public if they don’t. The bug in
the Windows operating system was reported on 17th October 2014, which means
that Microsoft had well passed the 90-day deadline.
The second
vulnerability allows attackers to impersonate a user and
access the machine’s power functions. This security bug affects only Windows 7.
This bug was also reported on October 17, 2014.
Microsoft had slammed Google for revealing
vulnerabilities earlier this week, just two days before sending out a patch. In
an official blogpost,
Chris Betz, senior director of the Microsoft Security Response Center said, “We
asked Google to work with us to protect customers by withholding details until
Tuesday, January 13, when we will be releasing a fix. Although following
through keeps to Google’s announced timeline for disclosure, the decision feels
less like principles and more like a “gotcha”, with customers the ones who may
suffer as a result. What’s right for Google is not always right for customers.
We urge Google to make protection of customers our collective primary goal.”
0 comments:
Post a Comment