Google spills the beans on Windows security hole (again)

Google landed on Microsoft's bad side not long ago when Google published details on a security vulnerability in Windows before a patch was ready to plug the hole. Google Security Research has done it again unveiling details of a pair of security holes in Windows before Microsoft has patched the vulnerabilities.

Apparently, Google had agreed to not publish details of the security issues for 90 days to give Microsoft time to patch the holes. When the holes went unpatched, Google published details anyway as was agreed. The problem for users of Windows is that by publishing the details with the flaws still unpatched, end-users of Microsoft operating systems could be targeted by hackers.

One of the security issues that Google has revealed affects both Windows 7 and Windows 8. The second flaw targets only Windows 7. That Windows 7 flaw isn't going to get a patch apparently because Microsoft thinks it's not serious enough. The main issue that affects both versions of Windows is a CryptoProtectMemory function that could lead to user data being exposed because it isn't properly encrypted.

This flaw was supposed to be fixed in a patch, but the patch had a flaw and was pulled at the last minute. This means that it is likely the flaw will remain vulnerable until next month when patch Tuesday rolls around, unless Microsoft patches it out of schedule which seems unlikely.

SOURCE: Betanews