Microsoft hits back at Google over Windows vulnerability
Google recently disclosed an actively-exploited 0-day Windows vulnerability less than 10 days after notifying Microsoft about the flaw.
The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape.
Microsoft has now hit back, saying it disagrees with Google’s characterization of the local elevation of privilege as “critical” and “particularly serious”.
“The attack scenario they describe is fully mitigated by the deployment of the Adobe Flash update released last week,” said Microsoft.
“Additionally, our analysis indicates that this specific attack was never effective against the Windows 10 Anniversary Update due to security enhancements previously implemented.”
Terry Myerson, executive vice president of the Windows and Devices Group, said patches for all versions of Windows are now being tested by industry participants.
“We plan to release them publicly on the next Update Tuesday on 8 November,” said Myerson.
“Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk.”
Now read: Google discloses actively-exploited Windows vulnerability
Loading ...