Google’s Project zero is a team of developers who spend some of their time on research that makes the internet safer by identifying security loopholes. This elite team of bug hunting hackers discovered vulnerability in Windows 8.1 that could give low-level users’ administrator’s rights.
Every bug that they discover is filed in an external database and initially reported only to the software vendors. The bugs that are identified are subject to a 90 day disclosure deadline within which the vendors are expected to fix it. If the deadline elapses, the bug report is automatically made visible to the public.
A researcher detected a Windows 8.1 bug that gave lower-level users access to sensitive server functions by an elevation of privileges that they would normally have no right to. The Zero team reported it to Microsoft on September 30 and reaching the 90 day deadline with the Windows 8.1 bug unpatched, they posted the details of the exploits online. Here is Mountain View’s statement on the same, “just to make this absolutely clear, the (bug) was reported to Microsoft on September 30 (along with) the 90-day disclosure deadline statement… which in this instance has passed.”
This issue has sparked considerable debate over the internet. Some commend Google for its great research and support its decision of exposing the vulnerability to the general masses. There are millions of people who may currently be running the insecure system, this enables them to be aware of the threat and take preventive countermeasures if needed; simultaneously pressurizing the manufacturers and developers to fix their products. On the other hand, some consider it outrageous and irresponsible of Google to disclose such sensitive information.
