If it is not Edge is Windows 10, Google publishes another system failure because Microsoft is running out of time to fix it
Project Zero , the group of security researchers at Google, also known as Microsoft’s worst nightmare, has unveiled another vulnerability in Windows 10 after the company was running out of time to spend the 90 days that Google gives to correct the failures that it discovers.
In its report , Project Zero explains how the bug could allow an attacker to gain administrative privileges in the system if exploited. The problem has been listed as high severity by Google because it is easy to exploit.
Apparently it was two similar bugs that were initially reported to Microsoft in November, the company corrected one in its monthly update on Thursday during February, but the one that just unveiled Google was not touched.
As the vulnerability can not be exploited remotely, Microsoft classifies it as “important” and not as “critical”. The bug that only affects Windows 10does not yet have a clear resolution date.
This is the second security flaw in a Microsoft product exposed this week by Google . On Monday we commented on a vulnerability in the Edge browser that the company can not correct in the 90 days established by Project Zero because “the solution was more complete than they had anticipated”.
Microsoft will probably continue to be frustrated with Google’s policy of making vulnerabilities public before they have a solution, but in Project Zero they will remain in them, because they believe that pressure is what causes many companies to show interest in solving their problems for fear of end in the news.