Google risks Microsoft's wrath with new Windows 8.1 bug disclosure

Google goes public once more with details about Windows security flaw. How will Microsoft respond?

Google could feel the full force of Microsoft's wrath again by going public with details of a Windows 8.1 security flaw before the software giant has had a chance to fix it.

The search firm's security research team claim to have uncovered the issue, which allows hackers to impersonate users and decrypt sensitive data on Windows 7 and 8.1 machines, in October 2014.

Advertisement - Article continues below

"This might be an issue if there's a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section," the Google research team wrote in a blog post.

The researchers then go on to acknowledge the security hole may have been created purposefully by Microsoft, before sharing details of how it can be replicated.

"This behaviour, of course, might be design. However, not having been party to the design, it's hard to tell," the post stated.

The group claim to have notified Microsoft about the issue, with further posts on the site suggesting the vendor had planned to release a fix for it during the January round of Patch Tuesday updates.

However, it's claimed the patch was pulled because of undisclosed compatibility issues, and is now set for release in February.

Advertisement
Advertisement - Article continues below

Under the terms of Google's disclosure policies, Microsoft was given 90 days to patch the problem, but in this instance has failed to do so. As a result, Google has now gone public with the details.

Advertisement - Article continues below

That decision is unlikely to have gone down well at Redmond, after Microsoft recently hit out at Google for disclosing details of another security hole before it had a chance to patch it.

IT Pro contacted Microsoft for comment on Google's decision to publicly release details of this latest security flaw, but was still awaiting a response at the time of publication. 

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Recommended

Visit/operating-systems/microsoft-windows/356331/virtualise-windows-7-under-windows-10
Microsoft Windows

Virtualise Windows 7 under Windows 10

5 Jul 2020
Visit/security/privacy/356320/privacy-groups-warn-against-googles-acquisition-of-fitbit
privacy

Privacy groups warn against Google's acquisition of Fitbit

2 Jul 2020
Visit/network-internet/internet-of-things-iot/356310/google-makes-seasonal-savings-free-for-all-nest
Internet of Things (IoT)

Google makes Seasonal Savings free for all Nest owners

1 Jul 2020
Visit/cloud/356294/azure-digital-twins-previews-new-features
Cloud

Microsoft Azure Digital Twins previews new features

30 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/policy-legislation/data-protection/356344/eu-institutions-warned-against-purchasing-any-further
data protection

EU institutions told to avoid Microsoft software after licence spat

3 Jul 2020
Visit/mobile/mobile-phones/356335/the-man-has-ruined-my-huawei-p40
Mobile Phones

The Man has ruined my Huawei P40

3 Jul 2020