recommended reading

Threatwatch

Google Discloses Another Unpatched Microsoft Bug

Software vulnerability

Google again released information about a flaw in a Microsoft product without an available security patch.

This time, Google Project Zero Team shared the details for how a bug in the Windows graphic device interface dynamic link library could leak private user data. The team said the vulnerability also affects Internet Explorer and Office Online.

The team shared the information with Microsoft on Nov. 16, but released the information publicly Monday when 90 days passed without a security patch, IT News reported. Microsoft previously addressed the issue with a June patch, but the Google team said problems remained, according to Threatpost.

It’s at least the third time Google went public with an unresolved Microsoft issue. In January 2015, Google released information 90 days after it notified Microsoft about a security hole in Windows 8.1 that allowed improper access to server functions. In November, Google disclosed what it called a critical zero-day in Windows 10. Microsoft hit back, disagreeing with the critical designation and saying Google’s announcement put Windows customers at potential risk.

sector

Web Services

reported

February 20, 2017

reported by

IT News

number affected

Unknown

location of breach

Unknown

perpetrators

Unknown

location of perpetrators

Unknown

date breach occurred

Unknown

date breach detected

2016/11