Google Disclosed a Major Windows Bug, Microsoft Isn't Happy!

Google just disclosed a major Windows vulnerability and Microsoft isn’t happy about it. Microsoft says use Microsoft Edge browser for the best protection.

Google Disclosed a Major Windows Bug, Microsoft Isn’t Happy!

Yesterday, Google disclosed a major Windows bug. Google threat analysis group had just disclosed a critical vulnerability in Windows in Google’s security blog. However, Microsoft doesn’t seem to be happy with this disclosure.

Google had mentioned that they had disclosed a critical vulnerability in Windows for which no advisory or fix has yet been released and they also called this vulnerability being “Actively exploited”. Google said it informed the bug to Microsoft 10 days ago yet the company has done nothing to discuss the issue openly.

Google threat analysis group had also mentioned little details about the vulnerability in which they said that the bug itself is very specific. Here’s what Google threat analysis group mentioned on Google’s security blog.

“The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.”

Google had recommended that users must update their flash and also said to apply the Windows patches as soon as Microsoft release the patch to fix the existing vulnerability. However, Microsoft doesn’t seem to be happy with the disclosure and one of the Microsoft’s spokesperson said to VentureBeat

“Today’s disclosure by Google puts customers at potential risk, We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.” Google had mentioned that they fixed the vulnerability for their Chrome users now it’s time for Microsoft to fix the flaw.



COMMENTS