Skip to main content

Microsoft condemns Google for revealing another Windows 8.1 security bug

Windows vulnerabilities and security concerns are nothing new, but the latest 8.1 User Profile Service exploit discovered could spark a serious corporate war. Google and Microsoft find themselves at odds again, this time disagreeing on bug disclosure timing.

A contributor for the Google Security Research program going by the nickname of Forshaw brought the glitch to Redmond’s attention on October 13 2014, filing it under medium for severity. As per Big G’s protocol, MS was given a 90-day deadline to issue a satisfactory fix before the confidential bug report would automatically go live for the whole world to see.

Recommended Videos

In response, Microsoft confirmed it was aware of the problem, and initially estimated a universally working patch would be ready for primetime by February 2015. When informed there was no bending of the rules, and no possible way to extend the three-month due date, the Windows 8.1 repairmen promised a fix for January.

But Google wasn’t willing to wait a minute past the 90 days, and less than 24 hours ago, the issue’s description and details were posted. It didn’t take long for the search giant’s arch-nemesis to snap at the reveal, which they described as a “gotcha” moment rather than a matter of principle.

Microsoft Security Response Center, Chris Betz, claims January 13, i.e. tomorrow, would have seen the vulnerability put to rest, regardless of whether Google released the sensitive information.

And there’s no reason to suspect that’s not true, since January 13 is the month’s second Tuesday, also known as Patch Tuesday for its traditional bug-treating qualities. It’s hard to argue with Microsoft when accusing Google of putting its enterprise interests ahead of those of the customers, given the same mysterious “Forshaw” dug up and ultimately published a separate Windows 8.1 exploit on December 29.

As for the specifics of the two bugs, they’re a little too technical and complicated to explain in a nutshell, so let’s just forget they even existed. As long as they’re both squashed by Wednesday, that is. If not, we may need to side with Google on this.

Adrian Diaconescu
Former Digital Trends Contributor
Adrian is a mobile aficionado since the days of the Nokia 3310, and a PC enthusiast since Windows 98. Later, he discovered…
Windows 11 is creating an ‘undeletable’ 8.63GB cache
The Surface Pro 11 on a white table in front of a window.

The recent Windows 11 24H2 update is reportedly flawed with a new issue where it creates 8.63GB of undeletable update cache. This cache is made during the update process and seems to remain on the system, despite attempts to remove it using traditional methods like Disk Cleanup, Storage Sense, or even manually deleting system folders like Windows.old​.

The issue appears to be linked to checkpoint updates, a new feature in Windows 11 designed to streamline and shrink update sizes by downloading smaller patches rather than full updates.

Read more
Don’t use your Windows PC without using these security settings
The Windows Security app in Windows 11.

Historically, Windows has had a bad reputation for security, and there are far more malware strains that target Windows than any other operating system out there -- largely due to the scale of PCs that exist in the world. With such a vast array of potential threats, it’s more important than ever to keep your Microsoft PC safe and protected.

But doing so doesn’t have to be difficult or expensive. In fact, you can start right now with just the computer you own, no extra software necessary. And if you do want to supplement your PC with some of the best Windows apps that will boost your security and privacy, you don’t need to pay a penny.

Read more
You definitely want to install these 90 Windows security patches
Microsoft Surface Laptop Go 3 rear view showing lid and logo.

Microsoft has issued security updates to address 90 vulnerabilities, some of which hackers are actively exploiting, in a blog post yesterday. These flaws allow hackers to bypass security features and gain unauthorized access to your PC's system, highlighting the need to keep your Windows computer updated.

Nine are rated Critical, 80 of the flaws are rated Important, and only one is rated Moderate in severity. In addition, the software giant has patched 36 vulnerabilities in its Edge browser in the past month to avoid issues with its browser. Users will be happy to know that the patches are for six actively exploited zero-days, including CVE-2024-38213. This lets attackers bypass SmartScreen protections but requires the user to open a malicious file. TrendMicro's Peter Girnus, who discovered and reported the flaw, proposed it could be a workaround for CVE-2023-36025 or CVE-2024-21412 that DarkGate malware operators misused.

Read more