Google criticised by Microsoft over Windows 8.1 security hole disclosure

All about coordinated vulnerability disclosure

The relationship between Microsoft and Google has been strained at times

Google's decision to release a security vulnerability about Windows 8.1 has ruffled a few feathers at Microsoft it seems as its senior director of Microsoft Security Response Center, Chris Betz, has issued a statement, one that barely hides the company's irritation.

Microsoft was irked by the fact that Google decided unilaterally to release information about a vulnerability in Windows 8.1, two days before a planned fix despite Microsoft's request to postpone that.

Betz added that "Although following through keeps to Google's announced timeline for disclosure, the decision feels less like principles and more like a "gotcha", with customers the ones who may suffer as a result."

The disclosure was part of Google's Project Zero security initiative that allows companies a full 90-days deadline to close the vulnerabilities before revealing them online.

The vulnerability, a weakness in Windows 8.1 login mechanism could be used by the attacker to take over the target machine and may well have required a complex solution, which might explain why it took so long for Microsoft to solve.

Article continues below