IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Google risks Microsoft's wrath with new Windows 8.1 bug disclosure

Google goes public once more with details about Windows security flaw. How will Microsoft respond?

Google building

Google could feel the full force of Microsoft's wrath again by going public with details of a Windows 8.1 security flaw before the software giant has had a chance to fix it.

The search firm's security research team claim to have uncovered the issue, which allows hackers to impersonate users and decrypt sensitive data on Windows 7 and 8.1 machines, in October 2014.

"This might be an issue if there's a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section," the Google research team wrote in a blog post.

The researchers then go on to acknowledge the security hole may have been created purposefully by Microsoft, before sharing details of how it can be replicated.

"This behaviour, of course, might be design. However, not having been party to the design, it's hard to tell," the post stated.

The group claim to have notified Microsoft about the issue, with further posts on the site suggesting the vendor had planned to release a fix for it during the January round of Patch Tuesday updates.

However, it's claimed the patch was pulled because of undisclosed compatibility issues, and is now set for release in February.

Under the terms of Google's disclosure policies, Microsoft was given 90 days to patch the problem, but in this instance has failed to do so. As a result, Google has now gone public with the details.

That decision is unlikely to have gone down well at Redmond, after Microsoft recently hit out at Google for disclosing details of another security hole before it had a chance to patch it.

IT Pro contacted Microsoft for comment on Google's decision to publicly release details of this latest security flaw, but was still awaiting a response at the time of publication. 

Featured Resources

Accelerating AI modernisation with data infrastructure

Generate business value from your AI initiatives

Free Download

Recommendations for managing AI risks

Integrate your external AI tool findings into your broader security programs

Free Download

Modernise your legacy databases in the cloud

An introduction to cloud databases

Free Download

Powering through to innovation

IT agility drive digital transformation

Free Download

Recommended

Google backs Thales' public cloud services firm
public cloud

Google backs Thales' public cloud services firm

30 Jun 2022
Google aims to court US public sector with new division
public sector

Google aims to court US public sector with new division

29 Jun 2022
Google Earth Engine open for business on Google Cloud, in corporate sustainability push
Cloud

Google Earth Engine open for business on Google Cloud, in corporate sustainability push

28 Jun 2022
Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads
Microsoft Windows

Microsoft reportedly blocks Russian Windows 10 and Windows 11 downloads

20 Jun 2022

Most Popular

Actively exploited server backdoor remains undetected in most organisations' networks
cyber attacks

Actively exploited server backdoor remains undetected in most organisations' networks

1 Jul 2022
Macmillan Publishers hit by apparent cyber attack as systems are forced offline
Security

Macmillan Publishers hit by apparent cyber attack as systems are forced offline

30 Jun 2022
Former Uber security chief to face fraud charges over hack coverup
data breaches

Former Uber security chief to face fraud charges over hack coverup

29 Jun 2022