Google has disclosed a pair of new security flaws present in Microsoft’s Windows 7 and Windows 8.1 OS.
The search giant has publicly revealed two more Windows 7 and Windows 8.1 bugs as part of its Project Zero initiative under which it pinpoints security issues in different companies and gives them a time frame of 90 days to fix that problem or publicly announce it, if they fail to do so within the stipulated time then Google does the work of revealing the glitch.
Of the two exposed flaws, the first affecting both Windows 7 and Windows 8.1 allows attackers to impersonate a normal user at identification level and decrypt or encrypt data for a log on session. The second allows Windows 7 attackers to access device’s power functions impersonating a user.
The bug in the Windows operating system was first reported on October 17, 2014 and apparently Microsoft has passed the 90-day deadline.
In response, Microsoft on Thursday said that it had planned to release a patch for the vulnerability in January, but compatibility issues forced it reschedule to February.
The announcement comes after Microsoft recently slammed Google for revealing vulnerabilities, just two days before sending out a patch.
Chris Betz, senior director of the Microsoft Security Response Center criticized Google’s action saying that “We asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix. Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.”
