
Update: Microsoft attacks Google's Windows hack alert


steven36


Google's revelation of a security flaw in the Windows operating system has caused anger at Microsoft.

 

 


 

 

Google published details of the yet-to-be-fixed bug on Monday after giving Microsoft a week to react.

 

 

Google said the issue was "particularly serious because we know it is being actively exploited".

 

 

But Microsoft said the alert could do more harm than good at this point because it needs more time to develop a patch.

 

 

"We believe in co-ordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," a Microsoft spokesperson told the VentureBeat news site.

 

 

The flaw involves a file called Win32k.sys, which the operating system requires to display graphics. It should not be deleted or otherwise altered by users because doing so can cause system errors that result in the so-called "blue screen of death".

 

 

However, Google outlines a way hackers can exploit the file to cause a "security sandbox escape", meaning that once it is compromised they can access and alter other unrelated computer functions to cause problems.

 

 

Since 2013, Google has operated a policy of giving developers 60 days to fix a flaw it has identified if it does not believe anyone else is making use of it, but only seven days if it thinks it is being actively abused.

 


Google suggests it is better to warn the public about some flaws than to keep them hidden

 

 

 

It acknowledged at the time that this was "an aggressive timeline" that might be too short to create a fix but added that it should be enough time to publish advice about "possible mitigations".

 

 

"By holding ourselves to the same standard, we hope to improve both the state of web security and the co-ordination of vulnerability management," it added.

 

 

The search firm suggests one way users could limit their exposure would be to use its Chrome web browser, which it says is not exposed to the vulnerability.

 

 

For its part, Microsoft says that so long as Flash users have installed the latest version of the media plug-in, they should be safe.

 

 

"We disagree with Google's characterisation of a local elevation of privilege as 'critical' and 'particularly serious' since the attack scenario they describe is fully mitigated by the deployment of the Adobe Flash update released last week," a Microsoft spokeswoman told the BBC.

 

 

"Additionally, our analysis indicates that this specific attack was never effective in the Windows 10 Anniversary Update due to security enhancements previously implemented."

 

 

One cybersecurity expert said it was hard to say which tech giant was in the wrong without knowing more.

 

 

"What Google has done is understandable, bearing in mind it says the bug is already being exploited," commented Dr Steven Murdoch from University College London.

 

 

"But whether or not it was right to have made the flaw public is a matter of debate - there are reasonable arguments on both sides, and we still don't know who are the attackers and who are the targets."

 

Source:

http://www.bbc.com/news/technology-37833146

 

 

12 minutes ago, steven36 said:

"Additionally, our analysis indicates that this specific attack was never effective in the Windows 10 Anniversary Update due to security enhancements previously implemented."

 

That could be true. Microsoft has a habit of making things "ineffective" with their forced updates :P

 

Quote

One cybersecurity expert said it was hard to say which tech giant was in the wrong without knowing more.

 

While it is commendable to be sure of one's facts, my money would be on MS's fault considering its track record...



48 minutes ago, lurch234 said:

While it is commendable to be sure of one's facts, my money would be on MS's fault considering its track record...

That's the pot calling the kettle black. Microsoft has patched 600 security vulnerabilities in Windows 7 since it was released. On the other hand, with Google's OS, Android, Google leaves it up to the vendors, and many phones never get patched. Their track record is worse than Microsoft's because they don't provide any kind of live update relief for many users, and they have over a billion users, like Windows. I don't need a phone to access the internet.

 

I don't need to take the internet to the toilet with me. I don't need Windows for everything; I use Linux, but there are things I need them for. But Google, other than using their search sometimes and YouTube, I have no use for them at all. I don't use Google apps, nor do I sign in to their services. If I use Chrome, I use one not done by them.

 

The only way Microsoft would be in the wrong here is if they knew about it already. They patched a hole in IE 2 months ago that they knew about for 2 years; that was bad. The difference between this and that is there's no public record Microsoft knew about this one. But Google pulled this before a few years back, so it's just history repeating itself, and Microsoft had a fit about it too.

 

It seems to me Google just used it to try to get all people on Chrome, because it was already patched in all Flash. I don't even use Flash any more. And there's a fine line between privacy and security, and Google doesn't have any of either; even when I visited YouTube they popped up a thing before saying this is a privacy reminder, YouTube belongs to Google. :P

 



Hmmm, since I don't own a smart phone or a pad of some kind, I wasn't aware of Google's practices in that matter. Yeah, to be honest you have to give credit to Microsoft for taking care of the vulnerabilities.

 

Quote

I don't need to take the internet to the toilet with me.

 

He he he! I'm sure going to try and find an occasion to say that to some people I know :lol:



Or maybe Microsoft is waiting for a more integrated version of a spy feature to silently push along with an update that is more likely to get installed.

 

In my opinion, neither can be considered a good or bad company. They are in it for the money. Morality has got nothing to do with it. Consumers pick their poison. Each has its pros and cons. But they all have one thing in common. Business comes first, as in, their own business.



Archived

This topic is now archived and is closed to further replies.
