Google risks Microsoft's wrath with new Windows 8.1 bug disclosure
Google goes public once more with details about Windows security flaw. How will Microsoft respond?
Google could feel the full force of Microsoft's wrath again by going public with details of a Windows 8.1 security flaw before the software giant has had a chance to fix it.
The search firm's security research team claim to have uncovered the issue, which allows hackers to impersonate users and decrypt sensitive data on Windows 7 and 8.1 machines, in October 2014.
"This might be an issue if there's a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section," the Google research team wrote in a blog post.
The researchers then go on to acknowledge the security hole may have been created purposefully by Microsoft, before sharing details of how it can be replicated.
"This behaviour, of course, might be design. However, not having been party to the design, it's hard to tell," the post stated.
The group claim to have notified Microsoft about the issue, with further posts on the site suggesting the vendor had planned to release a fix for it during the January round of Patch Tuesday updates.
However, it's claimed the patch was pulled because of undisclosed compatibility issues, and is now set for release in February.
Under the terms of Google's disclosure policies, Microsoft was given 90 days to patch the problem, but in this instance has failed to do so. As a result, Google has now gone public with the details.
That decision is unlikely to have gone down well at Redmond, after Microsoft recently hit out at Google for disclosing details of another security hole before it had a chance to patch it.
IT Pro contacted Microsoft for comment on Google's decision to publicly release details of this latest security flaw, but was still awaiting a response at the time of publication.
Accelerating AI modernisation with data infrastructure
Generate business value from your AI initiativesFree Download
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programsFree Download
Modernise your legacy databases in the cloud
An introduction to cloud databasesFree Download
Powering through to innovation
IT agility drive digital transformationFree Download