Newer Windows bugs have once again been made public by the internet giant Google. The bugs have been made known to the general public through Project Zero – the part of the company. However, there has been criticism on this particular move.
The bug has been found in the 7 and 8.1 version of the Windows operating system.
The bug has been spotted in the CryptProtectMemory. This is a memory encrypting attribute, which is in the Windows 7 and Windows 8.1 versions of the OS. The bugs have been made public after only after the end of the deadline of 90 days.
As a matter of fact, Google allows 90 days and only then makes the bugs public.
The bug has been described on the Google Security Research page. James Forshaw is the Project Zero manager and the details have been posted by him. Describing the CryptProtectMemory function, James Forshaw made it clear that the memory can be encrypted by an app in any scenario that can be logon session, computer or process.
The Windows bugs allow any attacker to mimic a real-time user. He can then either encrypt or decrypt the data on the Windows OS versions mentioned above.
James Forshaw also wrote about the Windows bugs saying that Microsoft had spoken of planned fixes for these bugs for January patches. However, there was no such fixes released. But, the same are now expected in next month’s fixes.
One more bug has come to the fore, which is related to the power settings of a computer. This bug allows the attacker to have a look at the information of these settings. However, both Google and Microsoft have issued similar statements saying that these bugs aren’t one of the critical Windows bugs.
It was last Sunday – January 11 this year that Google had publicized the Windows 8.1 bug in their Project Zero. The project aims at making it compulsory for software developers for improving the response time towards software errors. Working on such Windows bugs would help making the web a more secure place.
Microsoft had taken a dig at Google for making the Windows bugs public even before they could release any fix for it.