• Cryptocurrency
  • Earnings
  • Enterprise
  • About TechBooky
  • Submit Article
  • Advertise Here
  • Contact Us
TechBooky
  • African
  • AI
  • Metaverse
  • Gadgets
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
  • African
  • AI
  • Metaverse
  • Gadgets
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
TechBooky
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Home Enterprise

Google Made A Windows Security Flaw Public And Microsoft Is Not Happy About It. Both Say They Are Right. See Details Here

Paul Balo by Paul Balo
November 1, 2016
in Enterprise, Security
Share on FacebookShare on Twitter

Google did something some think they could have handled in another way. They disclosed a critical security flaw in Windows in a public post yesterday even though they claim it that they first sent notice of this to Microsoft on the 21st of October. This bug allows attackers to escape from security sandboxes and they do this by exploiting a flaw in the win32K system.

“The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome’s sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.”

Well Google says it came out publicly just 10 days after reporting it to Microsoft to protect users or make them aware of this while Microsoft develops a patch for the flaw. They want users to have enough information about this because exploiting this bug in the win32K system also depends on a hacker breaking separately into Adobe Flash. A patch has been issued for this and Google is urging users to update the software. We encourage users to verify that auto-updaters have already updated Flash — and to manually update if not — and to apply Windows patches from Microsoft when they become available for the Windows vulnerability.

But why did they make it public if Microsoft is already working on a patch?

The first thing to know is that Microsoft is not happy with the disclosure because hackers who may not have known of that flaw could suddenly start exploiting this. In a statement provided by Microsoft on VentureBeat, they said the following;

“We believe in coordinated vulnerability disclosure, and today’s disclosure by Google puts customers at potential risk…Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection.”

But Google has a defense;

In 2013, they updated their policy with respect to making vulnerabilities public.  Let me quote a portion of the policy below for you to see;

Based on our experience, however, we believe that more urgent action — within 7 days — is appropriate for critical vulnerabilities under active exploitation. The reason for this special designation is that each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised.

Seven days is an aggressive timeline and may be too short for some vendors to update their products, but it should be enough time to publish advice about possible mitigations, such as temporarily disabling a service, restricting access, or contacting the vendor for more information.

So if you want to interpret the above quote literally, it means they don’t think Microsoft’s anger over this is justified. But if you also consider that this is the first time they would be invoking that policy in three years, then you may also think something doesn’t sound right about this. Microsoft’s is major tech rival to Google and this could be interpreted as a business decision.

In any case, update Flash on your Windows computer while Microsoft works to deal with the flaw in its win32K system.

Related Posts:

  • 020tYFWBL4Yz8jIIFUdKDR1-22
    A Fix to Microsoft Windows Defender And Security Flaws
  • 1650037494_Download-Google-Chrome-Free-PC-Mac
    Google Chrome Has Security Updates Users Need To…
  • Google Chrome Selects Windows OS Versions The Web Browser Will Quit Supporting By February.
    Google Chrome Selects Windows OS Versions The Web…
  • maxresdefault (1)
    How to Upgrade to Windows 11 for Free As Windows 10…
  • m365app
    Microsoft Office Apps for Windows End Support October 14
  • win10-new-1152×648
    Microsoft’s $1.50 Windows Update Fee Kicks In July 1
  • Microsoft_passwordless
    Microsoft Will Roll Out Passkey Support For All Consumers
  • l28420241204183946
    Microsoft Ends Supports For Outdated Hardware With…

Discover more from TechBooky

Subscribe to get the latest posts sent to your email.

Tags: cyber securitygooglehackersmicrosoftsecuritywin32kwindows
Paul Balo

Paul Balo

Paul Balo is the founder of TechBooky and a highly skilled wireless communications professional with a strong background in cloud computing, offering extensive experience in designing, implementing, and managing wireless communication systems.

BROWSE BY CATEGORIES

Select Category

    Receive top tech news directly in your inbox

    subscription from
    Loading

    Freshly Squeezed

    • Central Bank of Nigeria Approves Open Banking Launch This August. Here’s what to Know May 8, 2025
    • Netflix Unveils AI‑Driven TV App Overhaul May 7, 2025
    • OpenAI Reverses For‑Profit Pivot, Non-profit Retains Control May 7, 2025
    • Airtel Africa & SpaceX to Bring Starlink to Underserved Areas May 6, 2025
    • Zone’s Blockchain Network Adds Accelerex & ITEX May 6, 2025
    • Google Can Train Search AI on Content Without Publisher Consent May 5, 2025

    Browse Archives

    May 2025
    MTWTFSS
     1234
    567891011
    12131415161718
    19202122232425
    262728293031 
    « Apr    

    Popular Tags

    africa (135) AI (497) android (367) app (717) Apple (576) artificial intelligence (419) business (482) china (132) cryptocurrency (209) ecommerce (122) enterprise (287) facebook (507) fintech (243) funding (121) gadget (558) gaming (201) google (709) government (469) instagram (173) internet (466) ios (291) iphone (246) meta (116) microsoft (369) mobile (352) new feature (384) nigeria (439) privacy (158) research (140) samsung (185) security (421) smartphone (277) social media (835) software (509) startup (419) streaming (174) telecom (241) tips (372) twitter (289) united states (216) users (158) videos (127) website (173) whatsapp (200) youtube (138)

    Quick Links

    • About TechBooky
    • Advertise Here
    • Contact us
    • Submit Article
    • Privacy Policy

    About Us

    TechBooky

    TechBooky is a social Tech blog with a special focus on the budding African Technology sector. TechBooky is currently based in Abuja, Nigeria.

    Recent News

    Central Bank of Nigeria Approves Open Banking Launch This August. Here’s what to Know

    Central Bank of Nigeria Approves Open Banking Launch This August. Here’s what to Know

    May 8, 2025
    Netflix Unveils AI‑Driven TV App Overhaul

    Netflix Unveils AI‑Driven TV App Overhaul

    May 7, 2025
    OpenAI Reverses For‑Profit Pivot, Non-profit Retains Control

    OpenAI Reverses For‑Profit Pivot, Non-profit Retains Control

    May 7, 2025
    Airtel Africa & SpaceX to Bring Starlink to Underserved Areas

    Airtel Africa & SpaceX to Bring Starlink to Underserved Areas

    May 6, 2025
    Zone’s Blockchain Network Adds Accelerex & ITEX

    Zone’s Blockchain Network Adds Accelerex & ITEX

    May 6, 2025
    Google Can Train Search AI on Content Without Publisher Consent

    Google Can Train Search AI on Content Without Publisher Consent

    May 5, 2025
    • Login

    © 2021 Design By Tech Booky Elite

    Generic selectors
    Exact matches only
    Search in title
    Search in content
    Post Type Selectors
    • African
    • Artificial Intelligence
    • Gadgets
    • Metaverse
    • Tips
    • About TechBooky
    • Advertise Here
    • Submit Article
    • Contact us

    © 2021 Design By Tech Booky Elite

    Discover more from TechBooky

    Subscribe now to keep reading and get access to the full archive.

    Continue reading

    We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.Ok