After facing criticism for disclosing Windows 8.1 security bugs earlier this week, Google has pointed out yet another security flaw in Microsoft’s infamous operating system.
Google has revealed two bugs, one of which allows attackers to impersonate a user and decrypt data on Windows 7 and Windows 8.1 machines.
Google’s Project Zero scours the Internet to identify vulnerabilities around the Web, in apps and in communication services, before bringing them to light and possibly quashing them. Google gives companies 90 days to address issues and reveals them to the public if they don’t. The bug in the Windows operating system was reported on 17th October 2014, which means that Microsoft had well passed the 90-day deadline.
The second vulnerability allows attackers to impersonate a user and access the machine’s power functions. This security bug affects only Windows 7. This bug was also reported on October 17, 2014.
Microsoft had slammed Google for revealing vulnerabilities earlier this week, just two days before sending out a patch. In an official blogpost, Chris Betz, senior director of the Microsoft Security Response Center said, “We asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix. Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.”