Microsoft Corporation (NASDAQ:MSFT) is not amused by a move by Google Inc (NASDAQ:GOOGL) to go public over a vulnerability in its Windows 8.1 OS. Google revealed a potential risk to Windows 8.1 users and informed Microsoft about the problem. However, it seemed to Google that Microsoft was taking too long to act that it disclosed the problem to the public about two days before Microsoft could fix it.
According to Microsoft Corporation (NASDAQ:MSFT), Google’s behavior with regards to Windows 8.1 vulnerability exposed users to unwarranted risks. The issue is that hackers could easy exploit the loophole to launch attacks on Windows 8.1 users, a development that could easy damage the reputation of Microsoft as a software vendor.
The issue with Windows 8.1 that Google Inc (NASDAQ:GOOGL) disclosed prematurely was a flaw in the log-in mechanism of the OS. The vulnerability is one that could help attackers escalate their threats on the users of the OS, possibly taking over the control of their computers.
Project Zero
Google has a security initiative known as Project Zero, whereby the company does security surveillance and asks for fixes in case a problem is noted. It allows software vendors up to 90 days maximum to address the issue before they reveal it to users.
In revealing such vulnerability to users, Google Inc (NASDAQ:GOOGL) hopes that software providers would be compelled to address bugs in their systems quickly. Additionally, such disclosures also give users the right to know about potential risks in the systems they are using. However, the problem is that premature disclosures can have untold risks on users if attackers exploit the opportunity before a fix.
Vulnerabilities are complex
As for Microsoft Corporation (NASDAQ:MSFT), the issue of dealing with vulnerability is a complex one, especially taking into account a widely used system such as Windows. Additionally, hurried fixing of a bug could have far-reaching adverse impact on software users, which is why Microsoft chooses to approach such fixes cautiously. However, Google doesn’t feel it acted wrongly in disclosing the Windows 8.1 vulnerability prematurely.