Google Goes Public About Unpatched Windows Vulnerability

February 20, 2017

Google security engineers have once again made details of a vulnerability in Microsoft’s software public, before Microsoft has been able to roll out a patch.

Windows users and system administrators around the world have become accustomed to Microsoft releasing important security patches for its wide variety of products on the second Tuesday of every month, regular as clockwork.

This month, however, something went wrong.

Last week, Microsoft announced at the “last minute” that it would not be releasing security updates on this month’s Patch Tuesday (February 14th), due to an issue discovered at the eleventh hour that would impact customers.

Which is a shame – not least because it’s possible that Microsoft’s planned update might have addressed a security flaw in its code that Google’s Project Zero team went public about on Tuesday February 14th.

Google first informed Microsoft of the flaw in March 2016, warning that a hacker could exploit it to elevate their privileges. Microsoft responded by rolling out a patch in June (MS16-074). However, now it appears that Microsoft’s fix was not as complete as we might have hoped, and Google’s team has found other ways to exploit the flaw and – to prove their point – released proof-of-concept code.

  • Sean Ervin

    Google security team rocks!!