Project Zero of Google’s revealed the bug of Microsoft Windows after the deadline period of 90 days
Project Zero of Google’s which is a team of security analyst employed by Google mainly tasked for finding zero vulnerabilities. There can be number of flaws in a software which is used by many number of end-users in a day to day life. So in order to detect such type of flaws, Google decided to form a full-time team dedicated to finding such vulnerabilities, not only in Google software but any software used by end users. Project zero has revealed many bugs of the software flaws and recently it has revealed a bug of windows before Microsoft fixed it.
The Bugs that are founded by the Project Zero team are firstly reported to the manufacturer to fix the bugs, the team provide a period of 90 days to fix the bugs. In case, if the bugs are not fixed then the bugs will be revealed to the public . The last day of the period i.e. the 90th day is the deadline for all the manufacturers. The period of 90day is Google’s way of implementing responsible disclosure, allowing the software companies fix a problem within 90days before informing the public. so that users themselves can take necessary steps to avoid attacks
The main impacts of the bug in Microsoft Windows is that it allow attackers to access memory using EMF metafiles, a tool implemented in the Windows Graphics Component GDI library (gdi32.dll) and which allows applications to use graphics and once an attacker is in memory which creates complexities among end users.
Mateusz Jurczyk, the Google guy who found the bug, writes that Redmond fixed similar disorders he reported last year and reported Microsoft about the issue on November 16th, 2016, and waited for the response of fixing the bug, but he didn’t get. Still waited until last week’s and on the 90day the policy of project zero of Google’s kicked out and finally revealed the flaw to the world.
When the bug was reported first in November Microsoft doesn’t liked about it. The company all-but-accused Google of giving criminals a helping hand by revealing a bug, while also saying the flaw in question wasn’t at all daunting anyway.
Yet, there is a need to get response from Microsoft about the flaw’s that are detected by the Project Zero and have to fix the bugs.