On October 31, Google publicly outed Microsoft for a critical zero-day security flaw in Windows 10 just 10 days after reporting the vulnerability to the firm. Today, as promised in a subsequent (and angry) blog post (opens in new tab), Microsoft has patched up the hole and more in a round of updates.
The issue was said to allow hackers to easily work around the operating system’s (OS) security sandbox, letting them to execute harmful code, delete data and create user accounts with full access to the OS and "take control of an affected system,” Microsoft wrote in a security bulletin (opens in new tab) following its usual patch day.
In order to exploit the security hole, however, the end user would have to be tricked into opening an app created specifically for this purpose and remain logged in for the hacker to do any real damage. Back on November 1, Microsoft even claimed in that blog post that the flaw was not exploitable if you were running the then-latest version of its new OS.
- See why you should still consider buying a Surface Pro 3
How long is long enough?
Last week, Google justified publicizing the so-called Win32k Information Disclosure Vulnerability early in citing evidence (opens in new tab) that the flaw was already being exploited by hackers. Normally, Google gives fellow firms three months to sort their security issues before making them public.
Citing the urgent nature of this particular security flaw, Google broke that rule rather quickly. This caused Microsoft executive Terry Myerson to lash out a bit at the search giant in the aforementioned blog post, claiming that its move only put more of its users at risk, though recognized the Google researcher’s hard work.
- Protect yourself with one of 2016’s best security suites
While Google took matters into its own hands for the sake of the public, it’s obvious that the two companies are rivals in several respects – namely in that both are fervently competing for market share in regards to their operating systems.
Outside looking in, it’s impossible to say whether one party drug its feet in delivering a fix or the other had ulterior motives in disclosing the flaw publicly. Regardless, it’s important to recognize the environment and circumstances surrounding both in this exchange.
To ensure that you’re protected from the flaw, make sure to update your version of Windows 10 today. Oh, and give your system a quick malware scan for good measure.
Via ZDNet (opens in new tab)