Google's Project Zero team has outed another Microsoft security flaw, this time in Windows 10 S.
The flaw, which is rated as "medium" in terms of severity, impacts systems with Device Guard enabled and it can't be executed remotely, so it's not easily exploited. Google explains:
Google's standard disclosure guidelines state that it will publicly disclose vulnerabilities after 90 days if they haven't been addressed. Microsoft was alerted to the issue in January, but had told Google in February that it would not be fixed in time for the April Patch Tuesday rollout. Microsoft requested extensions in early April, explaining that the issue will be fixed with the release of the Redstone 4 (spring) update. However, because there is no firm release date for Redstone 4, Google turned down the request.
This isn't the first time Google's disclosure policy has been a source of contention between the two companies. The two companies butted heads over the disclosure of a zero-day vulnerability in 2016, leading to an expression of frustration from Microsoft. That followed a similar clash between the two in 2015 over a Windows 8.1 vulnerability. More recently, Google disclosed flaws in Windows 10 and Microsoft Edge in February.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.