Google and Microsoft clash over critical Windows flaw disclosure

Tech giants Google and Microsoft have clashed over the disclosure of a critical Windows flaw, with Google having posted the zero-day vulnerability on its security blog even though Microsoft has not yet officially published a fix for it.

In revealing the critical flaw in Windows software on Monday, Google said that it had informed Microsoft of the flaw on October 21 and had given the company a ten-day window to officially alert the public to the flaw.

Google added that even though Microsoft has been aware of the critical Windows flaw since October 21, the software giant has so far neither published a fix for the flaw nor issued an advisory about it.

Regarding its decision to disclose the critical Windows flaw publicly on Monday, Google said that the move is in accordance with its strict policy of giving vendors a one-week period to either publish a fix or issue a public warning about a security vulnerability.

With regard to the disclosure of the Windows flaw on its security blog, Google said: "This vulnerability is particularly serious because we know it is being actively exploited." The company also explained that the flaw is a bug in the Windows kernel that hackers can exploit, via a win32k.sys system call, to circumvent the security sandbox.