Microsoft blasts Google over Windows 8.1 bug report

Redmond claims Google was wrong to publicly disclose flaw as it was days away from being fixed

Microsoft has hit back at Google's decision to publicly disclose a Windows 8.1 security flaw several days before the software giant was due to patch it.

As reported by IT Pro last week, Google decided to speak up about the bug over claims Microsoft had failed to fix it within 90 days of its discovery.

The flaw could have left Windows 8.1 users open to Elevation of Privilege attacks, and is set to be fixed tomorrow in Microsoft's first Patch Tuesday of 2015.

Perhaps unsurprisingly, Microsoft has not reacted kindly to Google publicly announcing details of the bug, given that it was days from being rectified.

In a lengthy blog post, Chris Betz, leader of the Microsoft Security Response Centre (MSRC), said the vendor specifically asked Google to withhold details of the security flaw until tomorrow, but the search firm declined.

"Although following through keeps to Google's announced timeline for disclosure, the decision feels less like principles and more like a 'gotcha', with customers the ones who may suffer as a result," Betz wrote.

Now that details of the flaw are out in the open, Microsoft fears users could be put at increased risk of cyber attacks.

"What's right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal," Betz added.

"We believe those who fully disclose a vulnerability before a fix is broadly available are doing a disservice to millions of people and the systems they depend upon."

Betz then goes on to talk about Microsoft's preference for Co-ordinated Vulnerability Disclosure, which he claims "limits the field of opportunity" for hackers to carry out attacks, as it gives vendors ample time to address issues.

The alternative approach of full disclosure, which is the one Google employed, forces customers to take action to protect themselves, Betz said. But it's not always terribly successful.

"The vast majority take no action, being largely reliant on a software provider to release a security update," Betz explained.

"Even for those able to take preparatory steps, risk is significantly increased by publicly announcing information that a cybercriminal could use to orchestrate an attack and assumes those that would take action are made aware of the issue."

IT Pro contacted Google for its response, but had not received one at the time of publication.

Microsoft has decided to restrict its Advanced Notification Services (ANS) about upcoming software updates to its Premium customers, rather than alerting all users via a blog post.
