Google was criticised by Microsoft for revealing some bugs in Windows 8.1, as the latter couldn’t meet the given deadline to fix them. Now Google has done it once again. They have revealed one more security flaw in the not-so-popular operating system by Windows.
Google, this time, has actually revealed two bugs. Through one of these bugs, a user can be impersonated by an attacker and all data on the victim’s Windows 7 and Windows 8.1 machines can be decrypted. Google has adopted this initiative, called Project Zero, which will cleanse the Internet world from all kind of vulnerabilities, which are found in the Web, apps and communication services too.
This project notifies the concerned entities about the detected bugs and gives them 90-days timeline to resolve the issues. If the deadline is not met, the bugs are revealed to the public without any delay. This bug was reported on 17 October, 2014, which means Microsoft had the deadline till 17 January, 2015. The second flaw also lets hackers impersonate a user and then get access to the affected machine’s power functions. This bug can affect Windows 7 machines only and it was also reported on the same day, which means Microsoft has missed their deadline again. The previous week, Microsoft officially slammed Google for disclosing the vulnerabilities.
In his blog post, senior director of the Microsoft Security Response Center, Chris Betz, wrote, “We asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix. Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.”
