Skip to main content

Microsoft Windows Vulnerability Revealed By Google

By November 19, 2016May 25th, 2021Blog, Cybersecurity

microsoftxwindowsTech giants Google and Microsoft are at odds, thanks to a recent announcement made by Google about a vulnerability in Windows’ Operating System.

Google’s longstanding policy has been to inform the company that owns the software when a security flaw is found. Google’s thresholds are seven days for an announcement, and ten days for a patch. If neither of those things happen, Google makes the announcement.
Seven days after Google informed Microsoft of this latest security flaw, the software giant had not released any information to its massive user base. So Google, in keeping with its policy, made the announcement, causing Microsoft to cry foul.

Microsoft’s position is that seven days is an extremely aggressive timeframe, and for software as complex as Microsoft’s Operating System, it’s seldom enough time to even research and verify the problem. Ten days is certainly insufficient time to prepare and properly test a patch.

Google’s view on the matter is significantly different. From their point of view, informing the public does two things. First, it spurs the company that owns the software in question to action. Once the flaw is widely known, the clock starts ticking, and it’s just a matter of time before hackers begin to ruthlessly exploit it.

This has the benefit of making the entire ecosystem stronger.

Google also contends that it’s good policy because it lets the users of the software in question know the risks they face. If the vendor isn’t forthcoming, someone has to be.
There’s something to be said for both sides of the argument. On one hand, this has been Google’s standard practice for years now, and it has had the desired effect. Companies are very quick to apply resources to fixing critical security flaws, limiting the risk in the long term.

On the other, announcing security flaws to the wider public carries certain risks. In their haste to fix the immediate problem, companies may not have the time to properly test their new patch, which could lead to the introduction of additional flaws. It also alerts the hackers of the world to new opportunities. Granted, the window tends to be small, but they can inflict significant damage, even in a limited window.

In this instance, since the security flaw was already being exploited by hackers around the world, Google seems to be on the right side of the issue, but things are not always so clear cut.

Jason Manteiga

Jason J. Manteiga, Vice President of Olmec Systems, has been part of the company for over the past 20 years. He believes that having a great work environment and supportive team, is the ultimate key to success. Since being in the IT realm for over 25 years, Jason, along with Olmec Systems, has been on the Inc. 5000 “List of America’s Fastest Growing Private Companies” and Channel Futures MSP 501 “Top Managed Service Providers in North America,” along with other awards and nominations. Jason earned his Bachelor Degree in Information Systems from the New Jersey Institute of Technology. He also holds certifications in Microsoft MCSE, VMWare VCP, and Cisco CCNA. In his spare time, Jason is a contributor for The Center for Social & Legal Research (Privacy Exchange) and a member of the Morris County Chamber of Commerce. His hobbies include cycling and kayaking. He currently lives in New Jersey with his wife, two daughters and son.