Last week I mentioned that Google’s Project Zero released information about a bug in Windows 8.1, and Google are not resting on their laurels because two days ago they released information on another Windows 8.1 bug. This latest release by Project Zero mentions a user privilege escalation flaw in the User Profile Service of Windows 8.1 and you can find more information here.
Chris Betz, Microsoft’s senior director for trustworthy computing spoke about Googles actions in a blog post saying “CVD philosophy and action is playing out today as one company – Google – has released information about a vulnerability in a Microsoft product, two days before our planned fix on our well known and coordinated Patch Tuesday cadence, despite our request that they avoid doing so. Specifically, we asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix. Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a “gotcha”, with customers the ones who may suffer as a result. What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal”.
In another development at Microsoft, last Thursday they abruptly stopped their free Advance Notification Service (ANS) which they used to release the Thursday before Patch Tuesday. ANS was used to give advance warning of Patch Tuesday and what updates would be available. To receive ANS you will have to become a Premier customer.
Chris Betz stated in another blog post “Our Advance Notification Service (ANS) was created more than a decade ago as part of Update Tuesday to broadly communicate in advance, about the security updates being released for Microsoft products and services each month. Over the years, technology environments and customer needs have evolved, prompting us to evaluate our existing information and distribution channels… We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page“.
More about Irish Tech News
Irish Tech News are Ireland’s No. 1 Online Tech Publication and often Ireland’s No.1 Tech Podcast too.
You can find hundreds of fantastic previous episodes and subscribe using whatever platform you like via our Anchor.fm page here: https://anchor.fm/irish-tech-news
If you’d like to be featured in an upcoming Podcast email us at [email protected] now to discuss.
Irish Tech News have a range of services available to help promote your business. Why not drop us a line at [email protected] now to find out more about how we can help you reach our audience.
You can also find and follow us on Twitter, LinkedIn, Facebook, Instagram, TikTok and Snapchat.