Google publishes Microsoft Windows vulnerability after 90 days of notice!

Windows 8On December 29, Google published the Microsoft Windows 8.1 vulnerability after giving the company 90 days to fix. The Windows vulnerability gives a low level user administrator rights on Windows 8.1. Interesting enough, Microsoft had not acknowledged the fact since the vulnerability was discovered on September 30.

For security reasons, it is ideal to do the most work with the least amount of privileges in order to prevent malware. It also prevents mischievous actions being conducted on the computer. If you conduct your daily routine with elevated or administrated privileges, chances are pretty good you will allow malware to be installed without you knowing it.

Why did Microsoft not fix this?

Its mind boggling why Microsoft never addressed the vulnerability or even try to eliminate the vulnerability. Microsoft did release a statement to Endgadget:

“We are working to release a security update to address an Elevation of Privilege issue. It is important to note that for a would-be attacker to potentially exploit a system, they would first need to have valid login credentials and be able to log on locally to a targeted machine. We encourage customers to keep their anti-virus software up to date, install all available Security Updates and enable the firewall on their computer.”

Google’s proactive approach to fighting Zero Day vulnerabilities

GoogleAll though Microsoft did not appreciate the publishing by Google’s Project Zero, Google and the new formed team did respond that there are obligations that companies need to adhere by in order to keep and maintain the trust of the people who rely on their technology. Project Zero offered their policy about disclosures on vulnerabilities and software vendor responsibilities by responding to Microsoft, saying:

“On balance, Project Zero believes that disclosure deadlines are currently the optimal approach for user security – it allows software vendors a fair and reasonable length of time to exercise their vulnerability management process, while also respecting the rights of users to learn and understand the risks they face. By removing the ability of a vendor to withhold the details of security issues indefinitely, we give users the opportunity to react to vulnerabilities in a timely manner, and to exercise their power as a customer to request an expedited vendor response.”

 

 

  • Microsoft has a lot of Balls for NOT Fixing Bugs before people are exposed to them! And quite frankly, I don’t think they give a Crap at All, and that’s why i can’t STAND Microsoft, and have ordered a Tablet with Sailfish Software on it, which is virtually inpenetrable, and I hope that Jolla, which invented it, comes out with a LapTop that uses the Same Software, because then I can DUMP Microsoft 100% …… And I’ll NEVER Miss Them for even One minute! They SUCK! :-)

  • Sparten1

    Hey Steve, don’t hold back, tell us what you really think of MS. :-)

  • Bo

    just wait till enuff users get this and then it will get hacked, and they won’t have enough talent to fix it immediately. For the most part most users of linux are not vulnerable because there are too many flavors and not enuff users to make it worthwhile fore any hacker to bother with.

  • Deborah Epperson

    I was attacked in December. I can no longer use my main computer and have filed a police report. I have been put through the ringer. Closing bank accounts and messing up my entire life. I would Google to come to my house and fix this mess they cause. I would like the best programs installed on everything. Computer, laptop and all my tablets and phone. This is not right. I have been attacked more than one time. Google. Fix this for me.
    Deborah

    • Paul

      Google? What did they do to your computer? Microsoft wrote the Operating system. They are the ones at fault. I’ll wager that you don’t even run any software from google on your computer. Visiting the Google.com site while using Microsoft’s Internet Explorer is NOT a google App.. I don’t want to sound mean, but please learn just some rudimentary computer skills. Take your “main” computer to a qualified computer repair tech and get it fixed.