While Microsoft has publicly criticized Google for publishing a vulnerability affecting Windows, the Mountain View company has disclosed details of another one.
Last week it was reported that Microsoft had appealed to the security experts of large companies to agree on how vulnerabilities in their respective applications and software are disclosed. The Redmond company added that Google, in particular, had disclosed sensitive information about a flaw affecting Windows 8.1 two days before a patch became available, despite the requests made by Microsoft.
Google seems to have turned a deaf ear and has just published details of another vulnerability affecting Windows 7 and Windows 8.1, in both 32-bit and 64-bit editions. This flaw affects the CryptProtectMemory function and allows an attacker to decrypt and encrypt data during the account logon session. Google has made available a file that exploits this vulnerability.
Microsoft was made aware of this flaw on October 29 and confirmed that it had been able to reproduce the behavior. The Google researcher explains that the vendor was due to publish a patch on January's Patch Tuesday, but compatibility issues identified at the last minute postponed its release to the following month.
This report once again falls under Google's disclosure policy. The message states: "If after 90 days no patch has been deployed globally, then this bug report will automatically become visible to the public."
Meanwhile, this flaw can be exploited by an attacker. Note that the same Google researcher was responsible for publishing this new information. The question is whether Microsoft will respond again.