Google researcher exposes the presence of bug in the Windows 8.1 after Microsoft didn’t fix the mentioned security flaws in the given period of time (90 days). Google considers 90-days-a fair amount of time to warn a competitor about an exploit taking place in its system. However, despite having enough time, Microsoft sounded little slow to fix up the recent flaw that Google team came across in its Windows 8.1. As a result, Google has publicly disclosed the Windows 8.1 vulnerability as well as the code required to take full advantage of the exploit.
The bug detected by the Google researcher – Forshaw, allows local user of a machine to gain administrator privileges – which further opens up the door to other malicious acts with computer and its settings.
In a response to a threat disclosed by the Google, Microsoft spokesperson said, “We are working to release a security update to address an Elevation of Privilege issue. It is important to note that for a would-be attacker to potentially exploit a system, they would first need to have valid logon credentials and be able to log on locally to a targeted machine. We encourage customers to keep their anti-virus software up to date, install all available Security Updates and enable the firewall on their computer.”
The statement by Microsoft might be relaxing, but it is not yet clear whether the bug is present in earlier versions of Windows, but the ability to gain administrator privileges is definitely a threat for Windows 8.1 users.
In the meantime, the disclosure of bug by Google is considered as a help to those billions of users who may be running vulnerable systems – it is a good way to make them aware of the bug and the threat that it can pose to their own security and take measures to prevent such threats.