Google on Monday posted to the Internet a previously unpublicized flaw that could pose a security threat to users of the Microsoft Windows operating system. Google notified both Microsoft and Adobe of zero day vulnerabilities in their software on Oct. 21, wrote Neel Mehta and Billy Leonard, members of Google’s Threat Analysis Group, in an online post. Google has a policy of making critical vulnerabilities public seven days after it informs a software maker about them. Adobe was able to fix its vulnerability within seven days; Microsoft was not.
"Although Google contrasted Adobe's quick action in patching its zero day vulnerability with Microsoft's inaction, the comparison may be less than fair.
"The time to patch code in Adobe Reader or Flash versus something that integrates into an operating system is considerably different," said Brian Martin, director of vulnerability intelligence at Risk Based Security."
BS. Microsoft has been in business a LOT longer than Adobe and has been working on the Windows OS for decades. That's long enough to work out these bugs.
Plus...the fact that there are so many versions of a particular Windows release is Microsoft's own doing. They wanted it fragmented into Standard, Professional, Enterprise, yada yada, so they could make more money. That's not an excuse to call for more time to update something, especially when many of these problems apparently have been around for years.
So I guess Google wanted to light a fire under Microsoft to fix stuff? We have had exploit in the wild before a patch is out. It's not out of the question and how many zero day exploits have we seen? For me a long time Windows user, I have come to expect exploits,and Google is not the bad guy to let everyone know the stuff is out there so protect yourself and nudge Microsoft into a fix.
Loading ...
Microsoft: Google’s Policy Endangers Windows Users
Posted by: John P. Mello Jr. November 1, 2016 03:12 PMGoogle on Monday posted to the Internet a previously unpublicized flaw that could pose a security threat to users of the Microsoft Windows operating system. Google notified both Microsoft and Adobe of zero day vulnerabilities in their software on Oct. 21, wrote Neel Mehta and Billy Leonard, members of Google’s Threat Analysis Group, in an online post. Google has a policy of making critical vulnerabilities public seven days after it informs a software maker about them. Adobe was able to fix its vulnerability within seven days; Microsoft was not.
"The time to patch code in Adobe Reader or Flash versus something that integrates into an operating system is considerably different," said Brian Martin, director of vulnerability intelligence at Risk Based Security."
BS. Microsoft has been in business a LOT longer than Adobe and has been working on the Windows OS for decades. That's long enough to work out these bugs.