Microsoft has said Google’s disclosure of the security vulnerability in Windows 8.1 was more of a “gotcha” moment than about protecting customers. They also argued Google should be more flexible and be willing to work with other companies privately to help fix vulnerabilities.
Senior Director of the Microsoft Security Response Center, Chris Betz, said in a blog post that Google knew Microsoft had a fix in the pipeline and was due to be released on “Patch Tuesday”, however, Google went ahead with the disclosure just two days out, despite being asked not to do so.
In a post published on Google’s security research site earlier, a researcher disclosed the vulnerability and how to execute the flaw. The vulnerability allows for an elevation of privilege in Windows 8.1, an example application was also included that could launch calc.exe using the method.
Betz argued that responding to “security vulnerabilities can be a complex, extensive and time-consuming process” and that Google should be more flexible and be willing to coordinate with other companies in the interest of the millions of people who depend upon on the software.