Google again released information about a flaw in a Microsoft product without an available security patch.
This time, Google Project Zero Team shared the details for how a bug in the Windows graphic device interface dynamic link library could leak private user data. The team said the vulnerability also affects Internet Explorer and Office Online.
The team shared the information with Microsoft on Nov. 16, but released the information publicly Monday when 90 days passed without a security patch, IT News reported. Microsoft previously addressed the issue with a June patch, but the Google team said problems remained, according to Threatpost.
It’s at least the third time Google went public with an unresolved Microsoft issue. In January 2015, Google released information 90 days after it notified Microsoft about a security hole in Windows 8.1 that allowed improper access to server functions. In November, Google disclosed what it called a critical zero-day in Windows 10. Microsoft hit back, disagreeing with the critical designation and saying Google’s announcement put Windows customers at potential risk.