An unpatched Windows 8.1 vulnerability has been exposed by a Google researcher after Microsoft failed to fix the problem in a 90-day window that had been given to the company by Google Inc. It was early this week that the existence of the bug was disclosed on the security research website of the search engine giant and sparked a debate whether it was appropriate for the company to out the vulnerability this way. Low-level Windows users can take advantage of this bug to become administrators in some situations, but some people have complained on Google’s website that it should not have mentioned the bug.
Google stated that it wasn’t clear if the bug had also affected of versions other than 8.1 of the Windows operating system. As per one individual, it was extremely irresponsible of Google to disclose this vulnerability automatically after a deadline is reached without any context. Such a company should have shown a greater degree of caution and maturity. The same individual said that the vulnerability wasn’t worse than the others that surface now and again. It was indeed unfortunate, but it wasn’t the same level serious as some flaws that have people patching servers all night.
The reality is that such vulnerabilities are utterly common in Windows. Another individual said that it was immensely dangerous to expose such vulnerabilities because it affected billions of computer users. It could hurt a lot of people and doesn’t offer any solution. The person said that organizations that are powerful and big like Google should protect people instead of causing harm by acting this way. However, there were also some people that appreciated Google on disclosing the bug because the deadline for fixing it had come and gone. One person said that there was no point in keeping this flaw a secret.
Revealing it is a good thing because it allows users to take countermeasures against this threat instead of being unknowingly vulnerable to it. This issue cannot just be mitigated through a patch. Several other options can be used by administrators while they await a patch. A statement made by Microsoft asserted that the company was working on a fix for the said vulnerability and would release a security update soon. A spokesman of the company said that it was important to bear in mind that an attacker would have to have valid logon credentials for exploiting a system and targeting a machine.
He added that the software giant constantly instructed its users to keep their anti-virus updated, enable firewall and install all security updates. Google, on the other hand, defended its action of releasing the vulnerability. The company said that they had come up with a 90-day deadline after careful consideration and discussions and the same principles have been used by security researchers. They change their disclosure policy as per the threat so they will continue monitoring their policy in the future. He added that they were constantly trying to offer better security to their users by making improvements.