As a part of its new “Project Zero” security initiative, Google released details about a security vulnerability in Windows 8.1 just a few days before it was slated to be patched, and Microsoft didn’t like that. The initiative gives companies a 90-day deadline to fix vulnerabilities before Google basically shows hackers how to use them.
Microsoft is publicly criticizing Google for releasing details about a security vulnerability in Windows 8.1 two days before the Redmond company was slated to patch the bug — saying that Google is putting users at risk by rejecting Microsoft’s request to wait until the fix is released. Google made the latest disclosure as part of its “Project Zero” security initiative, which provides companies a 90-day deadline to fix vulnerabilities before they are disclosed publicly, giving hackers key details to exploit the bug. In this case, the flaw in the Windows 8.1 log-on mechanism would allow an attacker to escalate their privileges on a user’s computer, effectively taking over the machine.