Microsoft & Google Clash Over Vulnerability Revelation

Microsoft and Google are clashing over a vulnerability disclosure. After allowing Microsoft a ten-day window to warn users about a critical flaw in Windows, Google disclosed it itself. In the security blog post where it described the zero-day vulnerability, Google said Microsoft had yet to issue an advisory or release a fix for the flaw. Google believes the vulnerability is particularly serious because it has been actively exploited. It lets hackers abuse a flaw in the Windows kernel, via a win32k.sys system call, to escape the security sandbox. Google waited 10 days after informing Microsoft on October 21 so that Microsoft could fix the problem first.

Google has a policy of giving vendors only seven days to either issue a warning or publish a patch for the flaw. The company acknowledged that seven days is not enough time for some vendors to ship an update, but said it is enough time to publish advice about possible mitigations. Microsoft said in an email on Monday that today's disclosure could put users at risk and that it believes in coordinated vulnerability disclosure. This is not the first time the two companies have disagreed over disclosing a vulnerability.