A few weeks ago, Google made headlines and drew criticism from both Microsoft and some independent security experts for their “zero day zero tolerance” policy by releasing details – including exploit code – for an unpatched Windows vulnerability. Now, oops – they did it again.
The vulnerability was reported to Microsoft and a fix was supposed to go out in this month’s Patch Tuesday updates on 01/14, but compatibility issues caused Microsoft to pull the patch and delay it until next month. Google went ahead and released the details when the 90 day mark was hit, regardless of circumstances. That means it will be out there, public for hackers to take advantage of, until the next Patch Tuesday.
Some defend Google’s actions and others condemn them but one thing is certain; it’s getting them and their security team plenty of attention.