Google posts Windows 8.1 vulnerability before Microsoft can patch it

January 3rd, 2015, 21:09
http://www.engadget.com/2015/01/02/google-posts-unpatched-microsoft-bug/
Google's Project Zero (http://googleonlinesecurity.blogspot.fr/2014/07/announcing-project-zero.html) tracks vulnerabilities in software systems and reports them to vendors "in as close to real-time as possible" -- a noble cause, no? But what happens if said vendor then fails to push a fix within the 90-day window? Microsoft just found out: Google will go ahead and publish the bug (https://code.google.com/p/google-security-research/issues/detail?id=118) anyway, complete with code that can be used to exploit it. A researcher found a Windows 8.1 security hole that allows lower-privileged users to become administrators, giving them access to sensitive server functions they'd normally have no right to. Though it remains unpatched by Microsoft, the Zero team published it several days ago -- right on schedule.