Google has rather ruthlessly knocked down Microsoft by publishing a Windows 8.1 vulnerability that allows lower-level users on Windows 8.1 systems to make themselves system administrators, thereby gaining access to the server settings and other top-level privileges.
Google unhesitatingly stepped ahead to make the vulnerability, as well as the code that can be used to exploit the bug, available on a global level under the shadow of its initiative "Project Zero". This initiative, led by Google, tracks software flaws, conducts in-depth research and eventually informs the software developer about the possible ways that the bug can be exploited. Google provides a time period of 90 days to fix the problems before Project Zero publishes the bug along with the code.
Google says that Project Zero intends to track the vulnerabilities and get them fixed before they are exploited by hackers and result in deadly outages, which have been seen a lot during the past months. In Google’s own words:
Project Zero is our contribution, to start the ball rolling. Our objective is to significantly reduce the number of people harmed by targeted attacks.
Google first notified Microsoft of the bug on Sept. 30, 2014, and as per the program’s terms and policies, Microsoft has crossed the 90-day ‘deadline’. Google clarified the motive for openly publishing the vulnerability:
By removing the ability of a vendor to withhold the details of security issues indefinitely, we give users the opportunity to react to vulnerabilities in a timely manner, and to exercise their power as a customer to request an expedited vendor response.
Furthermore, Google believes that 90 days should be enough for a tech giant as big as Microsoft, or for other software developers in the market, to find a suitable solution and fix the bug. Google also added that it will closely monitor the effects of this policy and might change it accordingly. So far, the majority of the bugs reported by the team have been fixed quietly before the deadline.
As for this bug, home or personal users need not worry about it, as the hacker needs login credentials to get into that particular machine. However, enterprise IT networks may have to keep checking their system status until Microsoft releases its much-delayed fix.
Meanwhile, Microsoft has said that it is working ‘hard’ on fixing this security flaw and will likely bundle it with the new Windows update soon.