On October 21, Google (NASDAQ:GOOGL) discovered a Windows bug that allows unauthorized access to Windows user accounts. The bug affects the Windows kernel, the part of the operating system that runs with the highest privilege. This allows a hacker to bypass Windows’ security sandbox, giving him/her the power to execute any kind of program without the need for administrator access.
Apart from the Windows bug, Google also discovered a flaw in Adobe Flash software. Google alerted both Microsoft (NASDAQ:MSFT) and Adobe (NASDAQ:ADBE) as soon as the vulnerabilities were discovered. Adobe was able to resolve the issue in just 5 days, and Google itself has already released its own fix for Chrome users. As for Microsoft, almost 2 weeks have gone by and the flaw still remains.
Google has an existing policy to inform the public about unpatched critical vulnerabilities that are actively being exploited, 7 days after notifying the software owner. According to Google, 7 days should be enough time to work on a fix, especially for bugs that are too dangerous to be left unchecked. If a permanent solution isn’t possible within that period, the public should at least be informed so they can work on temporary solutions to protect themselves.
Classifying the recently discovered Windows bug under this category, Google publicly announced its existence on October 31. Microsoft has openly objected to the disclosure.
According to a statement issued by Terry Myerson, Executive Vice President of Microsoft’s Windows and Devices group, they are committed to safeguarding customer security and they take this responsibility seriously.
Myerson says: “We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure. Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk.”
He further gives the assurance that a solution for the problem is already being worked on, and that a system-wide patch will be released to the public by November 8.
In the meantime, Microsoft recommends that its users upgrade to Windows 10, ‘the most secure operating system we’ve ever built, complete with advanced protection for consumers and enterprises at every layer of the security stack’, and make use of the Microsoft Edge browser.
As for Google, the company is encouraging the public to protect themselves against the latest bug by updating their Adobe Flash Player, and applying the Windows patch as soon as it is deployed.