Google Discloses Microsoft Zero Day Flaw GovInfoSecurity (01/05/15) Schwartz, Mathew J. Microsoft is still working on patching a vulnerability in Windows 8.1 that could be exploited to grant an attacker administrator-level access a week after Google made the details of vulnerability public. Google originally warned Microsoft about the vulnerability, which involves an exploit of the way Windows 8 caches application compatibility data, on Sept. 30, 2014. However, as part of its secrecy policy under which it gives vendors 90 days to fix a bug before they make it public, Google published details of the vulnerability on Dec. 29. Microsoft defends its failure to get a patch for the vulnerability out quicker by noting that in order to exploit the vulnerability, an attacker would need valid credentials and physical access to a target computer first, making patching the vulnerability a relatively low priority. Reactions to the publication of the vulnerability have been mixed, with some security professionals praising Google for putting pressure on vendors to fix potentially dangerous bugs, while others taking issue with the publishing of any details of serious, unpatched vulnerabilities.
Posted on: Sat, 10 Jan 2015 04:00:14 +0000
Trending Topics
Recently Viewed Topics
© 2015