Earlier in the week, Google managed to raise the ire of Microsoft by
publishing details of a vulnerability in Windows before a patch had been published. Now the same thing has happened again, but this time it's a double whammy. Google Security Research has revealed two more security holes that Microsoft is yet to fix.
Just as was the case a few days ago, Microsoft had been warned about the security problems and Google agreed to keep details private for a period of 90 days. Now the three months is up, details of the security issues have been automatically published, running the risk that users could be targeted.
One of the problems affects both Windows 7 and Windows 8, while the other is regarded a less serious and only affects Windows 7. The
Windows 7 security vulnerability is, as pointed by
Ars Technica, not regarded as serious enough to warrant a fix from Microsoft, but it's a different story for the
second problem that has been exposed -- a problem with the CryptProtectMemory function. This particular problem could lead to user data becoming exposed due to it not being properly encrypted.
