Google's Project Zero team has disclosed another Windows 10 security flaw after Microsoft failed to patch it within the standard timeframe of 90 days. As first spotted by Neowin, the bug is one of a pair that was initially reported to Microsoft in November. The company apparently fixed one of the bugs with its February Patch Tuesday fixes, but left the other untouched.
According to the Project Zero report, the flaw could allow an attacker to gain administrator privileges if exploited. The issue is listed as high severity by Google because of its ease of exploitation. However, it can't be exploited remotely, which caused Microsoft to categorize it as "important" rather than "critical." James Forshaw, the Google security researcher who reported the vulnerability, notes that it only affects Windows 10 and hasn't been verified to work on earlier versions, like Windows 7 or 8.1. It's unclear when Microsoft may release a fix for the issue in question.
This is the second flaw in a Microsoft product that Google's Project Zero team has made public in the past week. Last week, the team disclosed a vulnerability in Microsoft Edge after initially alerting Microsoft to the issue in November. According to the issue tracker, Microsoft stressed that a fix for that issue would be ready to ship in time for the March 13 Patch Tuesday.
Microsoft and Google have butted heads in the past over public disclosures of vulnerabilities. In November of 2016, Microsoft expressed frustration over Google's public disclosure of a zero-day vulnerability 10 days after reporting it to Microsoft, before the company had a chance to release a patch. That followed a similar war of words between the two companies in 2015, when Google made a Windows 8.1 vulnerability public two days before a patch was to be released. The two bugs disclosed this week followed Project Zero's standard protocol of publicly disclosing vulnerabilities after 90 days.
We may earn a commission for purchases using our links. Learn more.
Review: Gigabyte's Z490 AORUS ULTRA is a gorgeous Intel motherboard
Gigabyte's Z490 AORUS ULTRA is a motherboard you should consider for a 10th or 11th Gen Intel-powered PC. On paper, it has plenty going for it, including amazing power design and cooling, passively cooled M.2 slots and good overclocking support.
You can get the Windows 10 October 2020 update early – here's how
In this guide, we'll show you the steps to upgrade your computer to the final release of the Windows 10 October 2020 Update before it's officially available to everyone.
Windows 10 October 2020 Update moves closer to launch with Release Preview
The Windows 10 October 2020 Update is nearly ready for primetime. Microsoft began shipping the update to Release Preview Insiders today, which is the last stop before it will start its full rollout to the public.
The NFL is back! Check out these must-have Windows apps for football fans
After months of waiting through a unique offseason and no preseason games, the NFL is finally back this week. With these Windows 10 apps, you won't miss a snap of the NFL action.