Pages

Tuesday, 1 November 2016

Microsoft attacks Google's Windows hack alert

Windows computers
Microsoft says it needs more time to create a fix for the bug detailed by Google
Google's revelation of a security flaw in the Windows operating system has caused anger at Microsoft.

Google published details of the yet-to-be-fixed bug on Monday after giving Microsoft a week to react. Google said the issue was "particularly serious because we know it is being actively exploited".
Google logo
Google suggests it is better to warn the public about some flaws than to keep them hidden
But Microsoft said the alert could do more harm than good at this point because it needs more time to develop a patch.

"We believe in co-ordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," a Microsoft spokesperson told the VentureBeat news site.


"Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible."

The flaw involves a file called Win32k.sys, which the operating system requires to display graphics. It should not be deleted or otherwise altered by users because doing so can cause system errors that result in the so-called "blue screen of death".

However, Google outlines a way hackers can exploit the file to cause a "security sandbox escape", meaning that once it is compromised they can can access and alter other unrelated computer functions to cause problems.

Since 2013, Google has operated a policy of giving developers 60 days to fix a flaw it has identified if it does not believe anyone else is making use of it, but only seven days if it thinks it is being actively abused.