Microsoft has lashed out at Google for making a Windows 8.1 vulnerability public. Chris Betz, heading up the Microsoft Security Response Center (MSRC), published a new blog post over on TechNet talking about security and how tech companies should work together to better protect consumers against threats from exploits in software, something the company feels Google disregarded.
The blog post touches on preventing the full public disclosure of security vulnerabilities in software, which Microsoft believes is best kept under wraps.
Those in favor of full, public disclosure believe that this method pushes software vendors to fix vulnerabilities more quickly and makes customers develop and take actions to protect themselves. We disagree. Releasing information absent context or a stated path to further protections, unduly pressures an already complicated technical environment. It is necessary to fully assess the potential vulnerability, design and evaluate against the broader threat landscape, and issue a "fix" before it is disclosed to the public, including those who would use the vulnerability to orchestrate an attack. We are in this latter camp.
Betz then highlights how Google has released information about the vulnerability in Windows 8.1, just two days before a planned patch was set to be published on Patch Tuesday. Betz also states Microsoft requested Google to avoid releasing said details before January 13.
Although following through keeps to Google's announced timeline for disclosure, the decision feels less like principles and more like a "gotcha", with customers the ones who may suffer as a result. What's right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal.
The blog post closes by reaffirming that software is by no means perfect. It is indeed made by humans after all, and we've continuously displayed strong signs of imperfection throughout our history. Here's hoping the giants behind our favorite devices band together to keep everyone safe from attacks and cyber crime.
Source: TechNet
We may earn a commission for purchases using our links. Learn more.
New Surface Duo 2 FCC docs confirm 5G, NFC, and wireless charging
New FCC documents released on Friday, September 17, reveal some further information about Microsoft’s forthcoming Surface Duo 2 Android smartphone. The documents confirm 5G, NFC, Wi-Fi 6 and mentions “Wireless Power Transfer.” While it could be Qi wireless charging, there could be a more likely answer about what that is referring to.
Random: I played Sea of Thieves via Xbox Cloud Gaming on a pirate ship IRL
I tried to experience IRL on a recent vacation, but I failed. I failed thanks to Xbox Game Pass' cloud gaming. And here are some pictures that exemplify exactly how I failed.
Here's what time Diablo 2: Resurrected launches on all platforms
Diablo 2: Resurrected returns us to the dark and gritty world of Sanctuary for another crack at Diablo and his cronies. Here's when you can start playing no matter your platform of choice.
Protect your Surface Pro with one of these great cases
You have a Surface Pro in your hands and you want to protect it. This roundup of cases compatible with Pro 4, Pro (2017), Pro 6, Pro 7, and Pro 7 Plus covers rugged and stylish options so that you find something you like.