Home » In Other News

Clock Runs Out on Microsoft Zero Day

Posted 4 Jan 2015 | Comments Off on Clock Runs Out on Microsoft Zero Day | 2,292 views

Microsoft failed to patch a zero day exploit before the automatic 90 day clock ran out. A research submitted a privilege escalation vulnerability in Windows 8.1 to Google’s Project Zero. The bug allows a local user to trick a Windows 8.1 system into providing administrator privileges. When a bug is submitted to the database, the software author is notified and a 90 day clock is started. Google considers 90 days to be a reasonable time window to fix the bug. As for this bug, the clock ran out before Microsoft released a patch.

This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public.

Comments are closed.