Google disclosed a major vulnerability in Windows that has sent Microsoft flying.
(CCM) — On Monday, Google's Threat Analysis Group took to the company's blog to disclose a major zero-day — or widely unknown — flaw in Windows that has yet to be patched by Microsoft. The flaw leaves the Windows kernel wide open to attempts to escape "security sandboxes," or tools put in place to detect malicious code. According to Google, it waited the allotted seven days after notifying Microsoft of the weakness before revealing it to the public. Though this period is normally 60 days longer, it was drastically reduced in this case since, as Google states, "we know it is being actively exploited."
Microsoft has been less than supportive of Google's methods, lamenting the fact that Google acted so quickly. "We believe in coordinated vulnerability disclosure, and today’s disclosure by Google could put customers at potential risk," Microsoft said in a statement. "Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible." While Microsoft scrambles to push out a patch for the bug, it encourages users to use its Edge browser in conjunction with Windows 10 for the best protection. In Google's blog post, the company said that it had also reported to Adobe a different zero-day vulnerability in Flash, which has since been patched by the company.