Google has published details about the vulnerability in Windows 8.1, although Microsoft asked not to do it
Last summer, Google announced the creation of a research group called Project Zero, dedicated to the detection and notification of security problems in its software or products of other companies.
On 30 September, this team has warned Microsoft about the vulnerability in Windows 8.1 that could allow attackers to obtain elevated privileges on computers running this operating system. Project Zero felt that 90 days would be enough to fix the vulnerability before it becomes public.
On December 29, when Microsoft was already one step away from being able to release a fix, Google researchers announced a vulnerability and even explained how to use it. As mentioned above, this error in the security system leads to elevation of privilege in Windows 8.1, and an example has been described a method calc.exe (the Windows calculator).
Chris Betz, senior Director of Microsoft Security Response Center, wrote in the TechNet blog that Google was known that Microsoft is working on a fix for the vulnerability, which is scheduled to release next «Tuesday Patches» (January 13), but Project Zero told the world about the mistake for a few days before, though they were asked not to.
Betz also said that vulnerabilities in the security system can be complex and extensive, and removing them may take a very long time. However, he noted that Google should be more flexible and able to coordinate with other companies for the millions of people who use the software, and not to pressure them to speed up the remediation process.