Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google reveals Third unpatched Zero-Day Vulnerability In Windows


  • Please log in to reply
2 replies to this topic

#1 NickAu

NickAu

    Bleepin' Fish Doctor


  • Moderator
  • 13,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:07:36 AM

Posted 16 January 2015 - 03:27 PM

 

Microsoft has heavily criticized Google and its 90-days security disclosure policy after the firm publicly revealed two zero-day vulnerabilities in Microsoft’s Windows 8.1 operating system one after one just days before Microsoft planned to issue a patch to kill the bugs. But, seemingly Google don't give a damn thought.
 
Once again, Google has publicly disclosed a new serious vulnerability in Windows 7 and Windows 8.1 before Microsoft has been able to produce a patch, leaving users of both the operating systems exposed to hackers until next month, when the company plans to deliver a fix.

DISCLOSURE OF UNPATCHED BUGS, GOOD OR BAD?
Google’s tight 90-days disclosure policy seems to be a good move for all software vendors to patch their products before they get exploited by the hackers and cybercriminals. But at the same time, disclosing all critical bugs along with its technical details in the widely used operating system like Windows 7 and 8 doesn’t appears to be a right decision either. In both cases, the only one to suffer is the innocent users.
 
 

The revelation of the security flaw was also a part Google's Project Zero, an initiative that identifies security holes in different software and calls on companies to publicly disclose and patch bugs within 90 days of discovering them.

 

 

Google vs. Microsoft — Google reveals Third unpatched Zero-Day Vulnerability in Windows

 

More here.

 

Google drops more Windows 0-days. Something’s gotta give

Edited by NickAu, 16 January 2015 - 03:32 PM.


BC AdBot (Login to Remove)

 


#2 rp88

rp88

  • Members
  • 3,048 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:09:36 PM

Posted 17 January 2015 - 11:17 AM

Another? So soon? This is just about the worst time google could release the details, just after one patch tuesday so that chance for ms to fix this is about a month away.


There is wisdom in google using the threat of "we're going to reveal it in 90 days" to make other companies hurry up but they could atleast have only revealed the overall description of the vulnerability rather than full technical details that will end up acting as a "how to" guide for criminals.

Edited by rp88, 17 January 2015 - 11:18 AM.

Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#3 NickAu

NickAu

    Bleepin' Fish Doctor

  • Topic Starter

  • Moderator
  • 13,395 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:127.0.0.1 Australia
  • Local time:07:36 AM

Posted 17 January 2015 - 03:13 PM

Another? So soon? This is just about the worst time google could release the details, just after one patch tuesday so that chance for ms to fix this is about a month away.

Microsoft has known about this for 90 days, And do not care.
 
Linux would have patched something like this in hours not days or weeks.
 
Microsoft treats it's customers like fools, And I blame the customer also, You continue to use their second rate OS and pay good money for the
privilege. Customers need to complain to Microsoft, Maybe the threat of a class action would also work, All they understand is money money.
 
 
 
Google vs Microsoft; Google Research Team Make Two More Windows 7/8 Vulnerabilities Public

 

 

The Google vs Microsoft war hots up as Google reveals two more Windows 7 and Windows 8 vulnerabilities.

The Google Research Team has put two more unpatched Windows vulnerabilities in public domain on Thursday after the expiration of Google Project Zero’s self-imposed 90-day waiting period before disclosing bug details.

Microsoft which has not taken kindly to these kind of public disclosures has said that it will patch one of the two vulnerabilities in its upcoming February Patch Tuesday security bulletin release. The second flaw it seems is not a big security issue.

Readers may remember that the Google research team had made a privilege escalation vulnerability in Windows 7 public after expiration of the self imposed 90 day waiting period.  Google’s disclosure on Dec 29 revived disclosure debates between security enthusiasts and ignited acrimony and public posturing from both the companies.

- See more at: http://www.techworm.net/2015/01/google-vs-microsoft-google-research-team-make-windows-7-windows-8-vulnerabilities.html#sthash.Y5Y8bTZy.dpuf

 

 
 
 
 


Edited by NickAu, 17 January 2015 - 03:23 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users