Google security researchers disclose Windows 8.1 vulnerability

Google released a vulnerability in Windows 8.1 this week because Microsoft was late in patching the bug. The flaw was discovered by a team of security researchers operating under the name Project Zero.

The bug allows regular Windows 8.1 users to gain administrator rights without permission. This gives them access to functionalities that they normally would not be able to access. However, the users must have valid login details and, moreover, be able to physically reach the device in question, Microsoft tells Engadget.

Security researchers at Google discovered the flaw in September. They are part of Project Zero, which started last year and is supposed to make the internet a safer place. The researchers aim with the research project to reduce the number of ‘zero day’ security problems. They also take a close look at the software of other companies.

Google made the vulnerability public this week. The internet giant said it already informed Microsoft in September, but that software manufacturer failed to squash the bug within the stated period of 90 days. According to Google, this would therefore justify making the bug public – including relevant information and a proof-of-concept.

The question is to what extent Google would do well to disclose a vulnerability. There is now a lively discussion about this. Some believe that publication is not good for security. However, Google defends itself by saying that computer users can act on it as soon as they become aware of the bug’s existence. Microsoft says it is working on a patch.