Google today revealed bugs affecting devices running Windows 7 and Windows 8.1.
The first bug allows attackers to decrypt data on Windows 7 and Windows 8.1 devices. Google noted, “This might be an issue if there’s a service which is vulnerable to a named pipe planting attack or is storing encrypted data in a world readable shared memory section.”
The second bug, which supposedly only affects Windows 7, enables attackers to access devices’ power functions impersonating a user.
The Google research team say that they have notified Microsoft of these issues. Under the terms of Google’s disclosure policies, Microsoft had 90 days to fix the issues. Clearly, it didn’t rectify the issues in time, so Google has gone public.
This is unlikely to sit well with Microsoft, who recently criticised Google for its disclosure of another security flaw just days before Microsoft patched it. Microsoft’s previous response to Google’s disclosure policy was, “What’s right for Google is not always right for customers.”