Google risks Microsoft's wrath with new Windows 8.1 bug disclosure

Google building

Google could feel the full force of Microsoft's wrath again by going public with details of a Windows 8.1 security flaw before the software giant has had a chance to fix it.

The search firm's security research team claim to have uncovered the issue, which allows hackers to impersonate users and decrypt sensitive data on Windows 7 and 8.1 machines, in October 2014.

"This might be an issue if there's a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section," the Google research team wrote in a blog post.

The researchers then go on to acknowledge the security hole may have been created purposefully by Microsoft, before sharing details of how it can be replicated.

"This behaviour, of course, might be design. However, not having been party to the design, it's hard to tell," the post stated.

The group claim to have notified Microsoft about the issue, with further posts on the site suggesting the vendor had planned to release a fix for it during the January round of Patch Tuesday updates.

However, it's claimed the patch was pulled because of undisclosed compatibility issues, and is now set for release in February.

Under the terms of Google's disclosure policies, Microsoft was given 90 days to patch the problem, but in this instance has failed to do so. As a result, Google has now gone public with the details.

That decision is unlikely to have gone down well at Redmond, after Microsoft recently hit out at Google for disclosing details of another security hole before it had a chance to patch it.

IT Pro contacted Microsoft for comment on Google's decision to publicly release details of this latest security flaw, but was still awaiting a response at the time of publication.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.