Microsoft has criticised Google for publishing the details of a vulnerability in Windows 8.1 OS just two days before its fix was to be rolled out. Google published the details of the bug as part of its Project Zero initiative.
However, Microsoft says that it had informed Google that the patch for the bug was to be released on 13th Jan and the Internet giant still released the details, making customers vulnerable.
Microsoft's Senior Director of the Microsoft Security Response Center, Chris Betz, stated in an official blog post, "a call for better coordinated vulnerability disclosure", stating that Google's actions were irresponsible as they had informed Google about the Jan 13 fix, but had also requested the internet giant not to go public until that day.
Betz stated on MSRC blog post, "Specifically, we asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix. Although following through keeps to Google's announced timeline for disclosure, the decision feels less like principles and more like a 'gotcha', with customers the ones who may suffer as a result. What's right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal."
This is not the first time that Google disclosed any such vulnerability of Microsoft's Windows 8.1. On 30th Dec, a similar issue was made public by Google after the expiry of the 90 day deadline. Google's Project Zero researcher Ben Hawkes defended that the earlier vulnerability thread went live automatically after the 90-day deadline expired on December 29 from September 30, when the issue was first reported to Microsoft.
Interestingly, Microsoft has previously run Scroogled campaigns against Google. The company started the campaigns against Google in late 2012 where Microsoft blatantly mocked Google in various ads. Microsoft even started selling 'Scroogled' merchandise, intensifying the war against the internet giant.