Google has recently disclosed a critical vulnerability in Windows at the company’s security blog, and Microsoft is very upset about this.
The bug is very specific – allowing attackers to escape from security sandboxes through a flaw in the win32k system. Google believes that it’s being actively exploited, so it could be critical. Actually, Google had already reported the bug to Microsoft before going public. While Google has fixed this in Chrome and Adobe, Windows bug still remains uncared.
“We encourage users to verify that auto-updaters have already updated Flash – and to manually update if not,” Google recommends, “and to apply Windows patches from Microsoft when they become available.”
Microsoft harshly criticized the disclosure, as they’re worried that the criminals would replicate the bug. “We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection,” a Microsoft spokesperson told VentureBeat.
Microsoft didn’t mention when a patch could be expected, though.
Shall not be reproduced without permission：EXPREVIEW » Google Disclosed a Windows Bug, Making Microsoft Upset