14 DAY TRIAL // Google publicly disclosed a zero-day flaw in Windows that is not yet patched by Microsoft and this made the software giant very unhappy with its rival, and now Terry Myerson, Executive Vice President, Windows and Devices Group, turns to the company’s TechNet blog to explain that with this decision, the search firm puts Windows users “at increased risk.”
Myerson explains in his post that the security flaw is exploited by the group called STRONTIUM who launched a spear-phishing campaign that’s specifically aimed at computers vulnerable to two different zero-day holes in Adobe Flash.
The Microsoft executive adds that the campaign was detected by Google’s Threat Analysis Group, and the company is now working with all involved parties, including Google and Adobe, to develop a patch and release it to Windows systems in order to make everyone secure. The patch will be rolled out next week on November 8 when Microsoft issues this month’s Patch Tuesday cycle.
“Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. And we take this responsibility very seriously,” Myerson points out.
“Google puts our users at risk”
At the same time, the Microsoft executive also criticized Google for making this security vulnerability public, explaining that the search company put Windows users at increased risk. The vulnerability disclosure took place as a result of Google’s policy which gives software companies 10 days to release patches for security flaws that are flagged as critical.
“We believe responsible technology industry participation puts the customer first, and requires coordinated vulnerability disclosure. Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk,” Myerson explained.
Adobe has already patched the Flash Player vulnerabilities that are being exploited by attackers, and both Google Chrome and Microsoft Edge are already secure, so if you’re running any of the two browsers, you’re on the safe side. Additionally, customers with Windows Defender Advanced Threat Protection (ATP) are also secure, and all attacks are automatically blocked.