Yesterday, Microsoft was pretty upset with Google for outing a vulnerability in its Windows operating system before it had been fixed, without consulting Microsoft first. It probably still is, but it announced today via a blog post that it has prepared the patch code, which is currently being tested by industry participants. The security patch for affected versions of Windows will go live on November 8.
For those unaware, Google publicly outed a critical zero-day vulnerability in the Windows operating system yesterday. The company took to its blog to detail the vulnerability just ten days after informing Microsoft about it. This sudden release, without consultation, infuriated the Redmond giant, which rebuked the practice for putting customers at potential risk.
“We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure. Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” reads the blog post.
The Mountain View-based search giant said that it had given Microsoft an extended period of time compared to its threat aversion policies, which state a deadline of a mere seven days. Google’s threat analysis group made the exploit public because it had reason to believe that the vulnerability was being actively exploited by hackers. And that’s so very true, because the same has also been confirmed by Microsoft in its blog post.
Microsoft has revealed that the vulnerability was being exploited by a well-known Russian hacking group known as Strontium. It is an activity group that usually targets government agencies, military organizations, and their affiliated private sector organizations. The group used a low-volume phishing campaign that sends malicious emails to users in an attempt to exploit the bug, install a backdoor, and gain access to their personal data.
But you needn’t worry about this if you’re running the latest versions of all your software and the operating system. Since the vulnerability is related to Adobe Flash and a down-level Windows kernel, Microsoft has added that users running a safe browser (be it Edge or the patched version of Chrome) on the latest Windows 10 Anniversary Update are surely protected from these attacks. It also mentions that Adobe has patched the said vulnerability in its latest update.
Microsoft, however, now fears that the hacking group could make the malicious code public for others to access, and that could be a huge headache for the company, since the security patch is still a good week away from release. This revelation could possibly widen the rift between the two tech behemoths of Silicon Valley.