Just days after Google angered Microsoft by releasing information about a Windows security flaw, they've now released two more. "The more serious of the two allows an attacker to impersonate an authorized user, and then decrypt or encrypt data on a Windows 7 or Windows 8.1 device. Google reported that bug to Microsoft on Oct. 17, 2014, and made some background information and a proof-of-concept exploit public on Thursday. Project Zero is composed of several Google security engineers who investigate not only the company's own software, but that of other vendors as well. After reporting a flaw, Project Zero starts a 90-day clock, then automatically publicly posts details and sample attack code if the bug has not been patched." Microsoft says there's no evidence these flaws have been successfully exploited.
http://tech.slashdot.org/story/15/01...e-windows-bugs