Microsoft Drags Feet On Windows Security Patch So Google Project Zero Team Goes Public With It
Here we go again. For the second time in a mere three months, Google has decided to spill the beans on a Windows bug before the engineers in Redmond could release a patch for it. Microsoft has a Google countdown timer to thank for this latest disclosure, one that shows mercy to absolutely no one, individual or company.
The latest bug affects a key file in Windows' GDI, or Graphics Device Interface, which is responsible for rendering graphics and fonts in Windows applications. We use "latest" loosely here, as this bug, according to Google, was simply never fixed despite having been previously reported.
It all began last March, when Google notified Microsoft of a collection of issues. In June, Microsoft released a set of patches that it believed fixed all of the problems. A Google engineer didn't think so, and this past November notified Microsoft once again of the issues. While February 14th is a day for love for many, there was no love shown to Microsoft by Google that day, as that's when the latest bug was exposed.
It's important to note that this isn't considered a severe bug, with Google's engineer choosing to label it as a Medium risk. In addition to causing potential graphics flaws, the bug could also result in reads from parts of the system memory that shouldn't be read. Regardless of its severity, it looks a little embarrassing for Microsoft to have not fixed the issue twice over. And this is far from being the first time the company has been publicly outed for unfixed bugs.