Google has been actively finding new security vulnerabilities in Microsoft's products through its Project Zero research wing. The company has now disclosed an issue with Windows, which Microsoft hasn't patched within the 90-day window given by Google after reporting it to the Redmond giant.
Last time around Google played foul and disclosed a serious Windows vulnerability to the public just 10 days after revealing it to Microsoft. However, this time the Redmond giant is to blame for not fixing a security issue affecting its operating systems ranging from Windows Vista Service Pack 2 to the latest Windows 10.
As per the Project Zero website, security researcher 'mjurczyk' reported a vulnerability in Windows' GDI library that could be exploited by attackers to steal information from memory and affects any program that uses this library. The initial report was sent to Microsoft on the 9th of June last year, and the company released a fix for the issue on 15th June.
Leggi la notizia: https://www.neowin.net/news/google-reveals-a-windows-vulnerability-as-microsoft-fails-to-patch-it