Who would have thought that the internet conglomerate we know as Google would be putting pressure on Microsoft due to issues the Google security team discovered with the popular Windows operating system? Well, it seems this is just what is taking place recently as three additional Windows bugs are uncovered by Google.
Just last year Google's Project Zero revealed several bugs in Windows before Microsoft was able to patch them. Google's Project Zero is a group composed of several security engineers who investigate software in-house and from other vendors. In giving them fair warning, the Google's Project Zero lifted the viewing restructures of the three latest bugs found in Windows. Uncovered in details is the fact that Microsoft said it did not plan on patching the so-called bugs.
In the defense for Microsoft not addressing the bugs found by Google, the threshold of issuing a security bulletin for an "issue" is probably set a lot higher for Google versus Microsoft. In this perpetual battle, it still seems that Microsoft is not bending on the recent three bugs discovered by Google within the Windows operating system. It is almost a game of he said she said.
The three bugs reported by Google were listed on October 27th, November 5th and November 10th of 2014. The classifications of the bugs were flaws or possible elevation of privilege vulnerabilities. Despite the classification made by Google, Microsoft has stood their ground in stating that under their own threat rating system the three bugs are not to be ranked any higher than being "important" just below the rating of their top-tier, which is the level for issuing a security bulletin and patch.
Google seems to have a policy of not backing down in reporting bugs. Google will continue to go public after the 90-day deadline is reached. An interesting aspect of all of this is that Microsoft has rewarded entities in the past with thousands of dollars for digging up bugs in Internet Explorer. Additionally, up to $20,000 was given in an annual Pwn2Own hacking contest for exploiting Oracle's Java by some of the same individuals tasked by Microsoft. As far as balking to Google's bug findings, no one is 100% sure of the reasoning behind it.
Many computer security researchers believe that it is a good idea to put such pressure under Microsoft. After all, Windows has been touted as the most attacked operating system around and hackers are not taking any vacations from doing so with the latest versions of Windows. If anyone is to keep the fire under Microsoft, it is Google, who will probably never back down to rekindling that fire when Windows 10 drops.