Microsoft Windows has a bug and now everyone knows about it thanks to Google. In its Security Blog, Google disclosed a bug they discovered in Windows ten days ago. In that time, Google sent out a security patch for Chrome on Windows, but the overall OS is still vulnerable to potential attacks now that news has gotten out.
The bug is a win32k system flaw, which means possible attackers can get through sandboxes meant to keep these attackers at bay. The Chrome patch used to prevent this security threat from affecting Google users blocks wink32k via a lockdown. The original bug also involved exploiting an Adobe Flash bug, but a patch for this bug has already been pushed.
Google branded the bug as critical given that it believes the bug “is being actively exploited,” to use their own words. This is obviously a serious issue and should conceivably push Microsoft to speed up a security patch. Microsoft on the other hand, isn’t seeing that as a favor, and openly criticized Google’s disclosure of the bug.
“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at risk,” stated a Microsoft spokesperson to VentureBeat.
To avoid being at risk, update Flash as soon as possible and keep an eye out for Windows patches.
Security is always important
Google, Adobe and Microsoft have all taken steps to minimize the possible hazard of this bug, but it’s still an issue that Microsoft needs to address directly in its computer software. Users of these products should update to the latest version as soon as possible.
Microsoft may not be too happy with Google disclosing the issue, conceivably alerting attackers to the bug, but a ten-day headstart should have been enough time for a fix to be administered and it hasn’t yet. Maybe this will speed up the process.