Unperturbed by Microsoft's objections over public disclosure of bugs in its software, Google has once again pointed out vulnerabilities in Microsoft's Windows 7 and Windows 8.1 platforms.
Under its Project Zero project, Google's second exposure includes two bugs, one of which allows attackers to decrypt data on Windows 7 and Windows 8.1 devices. The other vulnerability enables attackers to access device's power functions impersonating a user. The second bug is supposed to affect only Windows 7.
It's notable Google gives 90 days of time to company to fix the bug, and makes them public in case companies don't do so. Interestingly, Google's second disclosure is dated Oct 17, 2014, which means Microsoft had 3 months of time to fix the bug.
Earlier, Microsoft had criticised Google for publishing the details of a vulnerability in Windows 8.1 OS just two days before its fix was to be rolled out. Microsoft's Senior Director of the Microsoft Security Response Center, Chris Betz, claimed in an official blog post, "a call for better coordinated vulnerability disclosure", that Google's actions were irresponsible as they had informed Google about the Jan 13 fix, but had also requested the internet giant not to go public until that day.
"Specifically, we asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix. Although following through keeps to Google's announced timeline for disclosure, the decision feels less like principles and more like a 'gotcha', with customers the ones who may suffer as a result. What's right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal,” he had said.