Google's Project Zero Discloses (Another) Bug in Windows - Polidicks

[QUOTE]For the second time in three months, Google engineers have disclosed a bug in the Windows OS without Microsoft having released a fix before Google's announcement. The bug in question affects the Windows GDI (Graphics Device Interface) (gdi32.dll), which is a library that enables applications to use graphics and formatted text on both the video display and a local printer. According to a bug report filed by Google's Project Zero team, the bug was initially part of a larger collection of issues discovered in March 2016, and fixed in June 2016, via Microsoft's security bulletin MS16-074. Mateusz Jurczyk, the Google engineer who found the first bugs, says the MS16-074 patches were insufficient, and some of the issues he reported continued to remain vulnerable. Following subsequent tests, the researcher resubmitted his bug report in November, which Microsoft failed to patch in the 90 days interval Google allows vendors to fix bugs before going public with its reports. This is the second time Google has taken this step against Microsoft after in November 2016 it disclosed details about a zero-day exploited by a cyber-espionage group known as APT28 (Strontium) a few days before Microsoft's November Patch Tuesday. Back then, Google said it took this step to allow users to protect themselves until Microsoft published a patch. Microsoft's Terry Myerson, Executive Vice President, Windows and Devices Group, didn't see it the same way, [B]describing Google's actions as "disappointing" because it put customers at greater risk of exploitation.[/B][/QUOTE] [url]https://www.bleepingcomputer.com/news/microsoft/after-microsoft-delayed-patch-tuesday-google-discloses-windows-bug/[/url] The bug as it was first disclosed by Google's Project Zero: [url]https://bugs.chromium.org/p/project-zero/issues/detail?id=757[/url] The current bug as it is disclosed again by Google's Project Zero: [url]https://bugs.chromium.org/p/project-zero/issues/detail?id=992[/url]

[quote]Microsoft's Terry Myerson, Executive Vice President, Windows and Devices Group, didn't see it the same way, describing Google's actions as "disappointing" because it put customers at greater risk of exploitation.[/quote] No, your company's inability or unwillingness to patch vulnerabilities at a reasonable pace is what's disappointing. Maybe take a break from constant UI redesign and Xbox shit nobody cares about, and patch your vulnerabilities like the multi-billion dollar industry leader you are.

Microsoft can bitch all they want, but their shit patching schedule is their own damn fault. "Windows users will remain vulnerable to attacks until March 15, when Microsoft plans to deliver both the February and March security updates." is a joke.

[QUOTE=srobins;51847142]No, your company's inability or unwillingness to patch vulnerabilities at a reasonable pace is what's disappointing. Maybe take a break from constant UI redesign and Xbox shit nobody cares about, and patch your vulnerabilities like the multi-billion dollar industry leader you are.[/QUOTE] Maybe they've adopted the Valve Rolling Desk® method of quality control.

[QUOTE=Matthew0505;51847560]Dunno why they expect Google to care when Microsoft pulls this shit. [t]https://i.imgur.com/lTBezmY.png[/t][/QUOTE] lets B real chrome is a resource and battery hog i only ever use it on my Mbp when i need flash and it shortens my battery life to like 5 minutes

[QUOTE=srobins;51847142]No, your company's inability or unwillingness to patch vulnerabilities at a reasonable pace is what's disappointing. Maybe take a break from constant UI redesign and Xbox shit nobody cares about, and patch your vulnerabilities like the multi-billion dollar industry leader you are.[/QUOTE] I care about the constant UI redesign By which of course I mean I'm tired of it and want it to stop

[QUOTE=Matthew0505;51847560]Dunno why they expect Google to care when Microsoft pulls this shit. [t]https://i.imgur.com/lTBezmY.png[/t][/QUOTE] If I use chrome on my laptop I'd get maybe 2 hours battery life at best, with edge I've got the specified 4.5 hours. Chrome for desktop PC, edge for laptops.

Fuck, what did I do.

[QUOTE=Plaster;51848182]Chrome for desktop PC, edge for laptops.[/QUOTE] Depends on the laptop, I'm sure. Mine's got a 10 hour battery life while using Firefox, so any time I lose is pretty irrelevant to my daily life because if I need my laptop charged I'll likely have had time to charge it.

[QUOTE=Matthew0505;51847560]Dunno why they expect Google to care when Microsoft pulls this shit. [t]https://i.imgur.com/lTBezmY.png[/t][/QUOTE] As pointed out, this is true. At least on my Surface Pro 3, I've found that Edge makes my fan less likely to go full-tilt if I have a few browser windows open. I still get pissed that they do this shit though, the whole promotion around edge feels kinda douchey. On topic of the actual OP, a good friend of mine had a mentor that was a partner and higher-up when he interned at MS. One of his topics that he bitched and ranted about was how poorly W10 stuff like this is handled: being a partner and long-term employee, he's actually able to bitch about/call-out this kind of shit.

[QUOTE=Matthew0505;51847560]Dunno why they expect Google to care when Microsoft pulls this shit. [t]https://i.imgur.com/lTBezmY.png[/t][/QUOTE] And Google pulls the same thing on their website telling you to get Chrome.

Microsoft puts out a lot of updates (some fixing exploits), and people complain that Windows updates too much and that they "don't really need these updates." Microsoft decides to lax on its updates a bit, and people complain about stuff like this, and how the OS should be more up to date. :v: I mean, I get the frustration, and I definitely do expect MS to be more on the ball with things like this instead of snubbing their noses at Google, but let's be real. Most of us in here probably won't fall prey to this exploit before these security patches come out, unless you're wanting to on purpose.

[QUOTE=AzzyMaster;51856107]And Google pulls the same thing on their website telling you to get Chrome.[/QUOTE] One's on a product's page, the other is your OS.

[QUOTE=Radical_ed;51856269]One's on a product's page, the other is your OS.[/QUOTE] Which, whether you like it or not, is also a product. Windows is a platform, MS are going to insist you stick to their software as they know that should provide the "best" (or at least, smoothest) user experience. They know exactly what is going on in their own software and can optimise around it. Chrome is just awful on all platforms however, even on my work Macbook I dare not run it while on battery power for extended periods of time.

[QUOTE=hexpunK;51856400]Which, whether you like it or not, is also a product.[/QUOTE] Generally speaking, when people pay for a product, they don't want to see shit being advertised to them while using it. Especially when it's stuff they know is actually garbage for their needs or is just trash overall like Cortana's voice recognition.