On the evening of November 1, Beijing time, Google announced a security vulnerability in Windows yesterday. It was only 10 days before Google notified Microsoft of the vulnerability, which made Microsoft very dissatisfied.
To make matters worse, Google claims that this major Windows vulnerability has been discovered by hackers. This means that hackers have written the attack code for the vulnerability and used it to launch attacks on Windows systems.
Generally, companies or security experts who find such "zero-day vulnerabilities" will allow software developers a 60-day response period, while Google has only reserved a 10-day response time for Microsoft. So far, Microsoft has not released a patch, and even the security warning has not been issued.
Microsoft was naturally dissatisfied with this, a Microsoft spokesperson said: "We believe that this type of vulnerability disclosure should be issued after coordination. Google's public exposure puts consumers at risk.
In fact, this is not the first time Google has announced a Windows vulnerability before the patch is ready. In January 2015, Google had two similar practices for Windows 8.1. Therefore, Microsoft's anger is also reasonable. Moreover, this time it is more serious because the two previous loopholes have not been exploited by hackers.
Regarding the Windows vulnerability, Google said that the vulnerability allows hackers to upgrade local permissions, allowing hackers to escape from the Windows security sandbox and execute arbitrary code. Google sees it as a "serious" vulnerability.
Original link: http://ps3-ita.com/internet/6.html