Microsoft, Google tangle over Windows security patch
(Reuters) – Microsoft Corp has complained publicly about tech rival Google Inc revealing a security flaw in its Windows 8.1 system just days before Microsoft was scheduled to roll out a fix for the problem, potentially exposing users to hacking.
The spat highlights an ever-present tension in the software security sector between those who believe flaws should be revealed sooner rather than later to put pressure on companies to tackle the issues, and developers who sometimes need more time to come up with a solution.
In this case, Google is in the former camp, through its “Project Zero” team, which scans all types of software for bugs and reports problems privately to the developers who created them. Google gives developers 90 days to fix a problem before making the issue public.
That happened on Sunday, when Google posted a security bulletin concerning weaknesses in the user profile creation process in Windows 8.1, which could allow hackers to take control of a computer. Google had initially told Microsoft about the problem on Oct. 13.
Microsoft plans to publish a fix this week as part of its regular security update, known in the industry as “Patch Tuesday.”
“We asked Google to work with us to protect customers by withholding details until Tuesday, Jan. 13, when we will be releasing a fix,” Microsoft executive Chris Betz wrote in a blog on the company’s site on Sunday.
“Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a ‘gotcha,’ with customers the ones who may suffer as a result.”
Google did not immediately respond to a request for comment.