On Wednesday, Google announced that Microsoft’s Windows 10 OS has a security flaw. The bug allows restricted users using Windows 10 to access administrative privileges, potentially allowing them to make important system changes. On Monday, they revealed another security flaw in Microsoft Edge.
Once Google employees find a security flaw in Microsoft products they typically alert Microsoft and give them 90 days to come up with a fix. However, Microsoft has recently been unable to issue fixes in time, and Google has responded by publicly releasing the information concerning the vulnerabilities.
A Google engineer discovered the Microsoft Edge vulnerability in November. The flaw allowed hackers to bypass the system and potentially load malicious code into memory. The hole was promptly reported to Microsoft. However, by the 90-day deadline the company had not yet come up with a fix. Google finally revealed the bug after giving Microsoft an extra 14 days to fix it. After this revelation, Microsoft still has not patched the vulnerability and the company seems unsure if a patch will be ready for their next set of updates due on March 14.
Google’s Project Zero team of security analysts has been responsible for finding many of the bugs in Microsoft’s software. Launched in 2014 in response to increasing numbers of software vulnerabilities, the Project Zero scour software made by Google and other companies for vulnerabilities. When they discover a flaw, they report it to the developer and wait 90 day before releasing the information to the public. Noted white hat hackers like Ben Hawkes, Tavis Ormandy and Ian Beer currently work on the Project Zero team.
However, Google hasn’t always stuck to its 90-day rule. In June 2017, Project Zero researchers discovered a hardware vulnerability in multiple types of microprocessors. These wide-ranging flaws potentially affected almost every computer and smartphone. Project Zero hackers kept the bugs under wraps as companies scrambled to patch the dangerous vulnerabilities. The bug was eventually revealed by the media in January 2018.
Microsoft and Google are longtime rivals and have a somewhat contentious history. In 2010, Google blocked Microsoft’s YouTube app designed for a Windows Phone. Google also created bad blood by stealing away Internet Explorer’s market share for Chrome. Although lately Amazon and Google have been more at loggerheads, Microsoft remains a major rival.