back to article Microsoft flips Google the bird after Windows kernel bug blurt

Microsoft has not responded well to Google's bug grenade, accusing the ad giant of screwing over netizens and getting its facts wrong. "We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," Microsoft said in a statement. It then disputed Google's claims about …

  1. Anonymous Coward
    Anonymous Coward

    Tuesday, January 13 ???

    Tuesday, January 13 ?? I repeat, Tuesday, January 13 ???

    I'm guessing that is in 2017 as well, not 2018.

    thats....just poor.

    1. jaywin

      Re: Tuesday, January 13 ???

      You might want to read the article a bit more carefully...

      "And in January last year, Google refused to budge on the 90-day deadline it gave Microsoft to fix a reported security bug before it went public with details of the flaw.

      That time, Microsoft's senior director for trustworthy computing Chris Betz called out Google: "We asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix,""

      Not to mention January 13th 2017 is a Friday.

    2. Anonymous Coward
      Anonymous Coward

      Re: Tuesday, January 13 ???

      Microsoft and it's army of malware infested users, they have only themselves to blame.

      Of course if you had a Chromebook right now, you would be laughing pretty had at Microsoft pathetic scroogled nonsense...

      #Karna

      1. Anonymous Coward
        Anonymous Coward

        Re: Of course if you had a Chromebook right now

        Plenty of people do have Chromebooks, Google are phoning people up and giving them away (my son got two just for listening to a 15 min sales pitch for Google cloud services, though that was because the touch pad on the first one didnt' work and they didn't want it back).

        It's almost like no one wants to buy them....

        1. RyokuMas Silver badge
          Devil

          Re: Of course if you had a Chromebook right now

          "... my son got two just for listening to a 15 min sales pitch..."

          All part of the "hook 'em while they're young" strategy - if they grow up being spied on, they won't know any different. Probably explains why people accept Google's antics while at the same time whining about Windows 10 telemetry...

          1. Anonymous Coward
            Anonymous Coward

            Re: All part of the "hook 'em while they're young" strategy

            No doubt that's part of it, but if you had a product that was flying off the shelves would you also be giving it away for "nothing"?

            He's decided against using their Cloud....

  2. Destroy All Monsters Silver badge
    Trollface

    Rustworthy computing!

    fully mitigated by the deployment of the Adobe Flash update released last week

    Microsoft's statement-issuing departments are having a laugh?

  3. Captain Badmouth
    FAIL

    C'mon get serious...

    Let's be honest, Microsoft have 3 operating systems on the go : 7, 8(8.1) and 10. Instead of trying to fix one they keep pissing about with all 3 instead of dealing with the underlying security problem which is the windows system. Don't get me wrong, windows has served me well over the years and since xp it has performed very well indeed - there's lots of software out there to do whatever you need. BUT, and it's a big BUT, they've lost sight of the ball: they've tried to force people onto a new operating system/spyware program without many of the poor buggers out there realising what was going on. The ones I've saved are eternally grateful for not being on winx. They have all these people working on their systems so why can't they fix the underlying faults instead of waiting for others like google to do it for them? Sorry M$ you are your own worst enemy.

    1. nilfs2
      Windows

      Re: C'mon get serious...

      Who cares about security and reliability? GUI "enhancements" is where it is at

      1. Anonymous Coward
        Anonymous Coward

        Re: C'mon get serious...

        They are like enhanced collateral debt obligations.

        BUY!

      2. Anonymous Coward
        Anonymous Coward

        Re: C'mon get serious...

        " GUI "enhancements" is where it is at"

        Indeed. And, er, "telemetry".

    2. gudguy1a

      Re: C'mon get serious...

      The machine in Redmond has finally put out the word for OEMs to stop selling Win 7 & 8.

      But, we all know it is going to take years before those two versions go away, by which point, we're going to likely be looking at Win 15 and 18 and etc....

  4. Dazed and Confused Silver badge
    Flame

    > Additionally, our analysis indicates that this specific attack was never effective against the Windows 10 Anniversary Update

    And that's supposed to help me how?

    W10 keeps moaning that it wants to update, then it gives some stupid hex error code likes it 1979 still but at least you can Google them these days but that just retrieves loads of hits telling to do contradictory things all of which claim some MS support guy told them to try it. None of them work. Then it goes back to telling that it won't work with an encrypted disk, when the machine it's sitting next too with the same encryption worked. Yeah this is really helpful guys.

  5. Nate Amsden Silver badge

    is the windows bug

    windows 10 specific? The original blog post from google (just looked at it again) was not clear, made it sound to me like many versions were affected.

    1. sabroni Silver badge

      Re: is the windows bug

      I believe that many versions are affected. MS are trumpeting the fix in the latest Windows because that's what they think you should be running.

  6. benderama

    Relying on Adobe to fix a hole in your house is like asking a bovver boy to help with discrimination.

    1. sabroni Silver badge

      Weren't the exploits in the wild going through Flash player? If so getting Adobe to plug the vector makes sense.

  7. hplasm Silver badge
    Holmes

    Newsflash!

    "Windows users are potentially at risk and everyone and their dog now knows about it."

    Old news...

  8. Anonymous Coward
    Anonymous Coward

    Its good thing the two giants aren't totally in bed together...

    https://www.theguardian.com/technology/2016/may/02/google-microsoft-pact-antitrust-surveillance-capitalism

  9. Mikel

    It's OK. No big deal. Nothing to see here.

    You weren't using Windows for anything important, were you?

    1. Anonymous Coward
      Anonymous Coward

      Re: It's OK. No big deal. Nothing to see here.

      Well, I asked for the "Windows 10 Family Basement" edition, but they didn't have it...

  10. Anonymous Coward
    Anonymous Coward

    CVE-2016-7855

    Why CVE link to Redhat when it's Adobe Flash vuln?

    https://helpx.adobe.com/security/products/flash-player/apsb16-36.html

  11. Unbelievable!

    Just about getting sick of Google

    Tax evading, internet owning, rule makers of their own accord. Let us not forget they too have many bugs in their products.

    Sorry if that gains down votes.

    1. Go4PlanB
      Alien

      Re: Just about getting sick of Google

      I see that too, maybe for different raisons; I recall in the midst of Google controversies in 2012, Microsoft Kernel Project, Steeve Job's predictions about html 5, etc. Many users tried Ubuntu (Studio or others) and it was an awesome entry level Linux experience. Chrome was on fire and welcome by all. Then came Windows 10 that support the major Linux kernel APIs, but not Android, deception was palpable.

      But as bickering as it marketing visibility benefit, I would bet "Alphabet" not "Google" is behind the motivation in this stun. and its not as much about MS W10, as it's about "Azure" and LinkedIn acquisition. My bet is we are misled by who this fight benefit to... (Sorry if I got this all wrong, . :)

      1. Anonymous Coward
        Anonymous Coward

        Re: Just about getting sick of Google

        "Windows 10 that support the major Linux kernel APIs, "

        There was geektalk of this earlier in the year.

        It's not for real, surely?

  12. Gene Cash Silver badge

    MSFT should fire back

    They need to get their own sharp engineers/hackers/boffins[1] cracking on finding holes in Android and other Google software.

    [1] oops. perhaps not. guess Google doesn't really have to worry about retaliation after all...

    1. Anonymous Coward
      Anonymous Coward

      Re: MSFT should fire back

      Finding holes in the popular in-use versions of Android ?

      The words fish and barrel come to mind.

      1. Anonymous Coward
        Anonymous Coward

        Re: MSFT should fire back

        eg

        XP support - 12 years

        Win 7 extended support to end 2020

        Jellybean - support ended after 4 years

        Kit Kat - on security only updates after only 3 years

        Now Winphone 8.1 support will end in 2017 (3 years after introduction) - if people consider that's more comparable to Android

      2. Anonymous Coward
        Anonymous Coward

        Re: Finding holes in the popular in-use versions of Android ?

        Yeah, but Google don't patch them so it's not a problem....

    2. Anonymous Coward
      Anonymous Coward

      Re: MSFT should fire back

      "MSFT should fire back "

      Given their history they probably already have been trying to undermine FOSS by publishing flaws by proxy before Google started.

      It would be interesting to see the Windows source code published and see how lazy and slipshod MS coders have been.

  13. Mark 85 Silver badge

    Does Google feel threatened perhaps?

    With MS's Win10 and ads, this could make a dent (or maybe it's just a worrying point for Google) in Google's income.

    I asked in another article's comments if Google is getting ready for an OS war and these are pre-emptive strikes.

    1. Longtemps, je me suis couche de bonne heure

      Re: Does Google feel threatened perhaps?

      It is interesting that you should post this just when Google's quarterly revenue/sales overtook Microsoft's for the first time in history. In the most recent reported quarter, Google grew by 20% to $22bn and Microsoft grew by less than 1% to $20bn. It looks as if Microsoft may have stopped growing for the time being, whereas Google, is still growing at double digit rates.

      I think it is Microsoft that feel threatened.

  14. Dave 126 Silver badge

    >"One, you are irresponsible; two, you are wrong"

    "I didn't steal your horse, and it turned out to be a shit horse anyway."

    ??

  15. AlexS
    Headmaster

    I can't help but laugh sorry... Much as I hate the Google monopoly..

    The same company that injects nagware and tries to con people into upgrading to Win10 is now worried about what is best for customers... My arse...

  16. Winkypop Silver badge
    Megaphone

    Let's not forget who the bad guys is in all this...

    Ummmm

  17. Anonymous Coward
    Anonymous Coward

    On the plus side a patch from MS will get applied to most machines - although it'll take ages on windows 7 to update. Google release patches - but most android phones never get them. I'd stick to linux for most stuff - but the geniuses at Barclays bank IT dept don't seem to have got their payment authorisation system working on linux.

  18. Anonymous Coward
    Anonymous Coward

    "Senior Director for Trustworthy Computing"

    Lest we forget: trustworthycomputing.com

    1. slak

      Re: "Senior Director for Trustworthy Computing"

      Hahaha wat ?

      1. Anonymous Coward
        Anonymous Coward

        Re: "Senior Director for Trustworthy Computing"

        What MS mean by "Trustworthy Computing": high value content must be protected everywhere on the path between the content rights owner and the viewer/listener.

        Nothing to do with end users and/or IT departments and/or IT-dependent organisations being able to trust their most critical software vendor.

  19. Nattrash
    Trollface

    So how do you like it yourself, MS?

    Am I the only one who's not surprised that MS themselves apparently also don't like being forced into something? Aren't to happy about being bullied around by someone their own size/ bigger?

    ================

    Want to solve this bug?

    [OK] [Cancel]

    ================

    No, no, no,no, NO! I clicked Cancel, I clicked CANCEL!!!

    1. Anonymous Coward
      Anonymous Coward

      Re: So how do you like it yourself, MS?

      "Redmond bully not so tough since being molested by Not-Evil-Doing Ad Gorilla"

  20. Andy E
    Holmes

    But why?

    Can someone explain to me why Google employs engineers to find security bugs in another company's software?

    Is it so they can make the world a better place or so they can inflict reputational damage?

    Just wondering......

    1. oldcoder

      Re: But why?

      A lot of it is that Microsoft blames applications, drivers,... anything and anyone but itself when things don't work after a Microsoft update gets released...]

      And it gets worse when the update doesn't do what it was reported to do, so no information, and a dump of updates you can't avoid.

      And it is STILL the fault of someone else when it doesn't work.

  21. Anonymous Coward
    Anonymous Coward

    Posturing?

    Although there is obviously some aspects of this rooted in competition as google now fields its own operating system which competes in some areas with MS products the reality is that MS basically wants KNOWN security risks to be swept under the carpet until they can be bothered to fix them

    Considering that there is still the exact same networking bug that leaves ghost machines on networks and leaves machines unable to browse each other or where one can browse another but that one cant browse back even if theyre in the same homegroup which has been around for over 2 years now I really dont have much if any faith in microsofts desire, willingness or even abiiity to fix bugs in a timely fashion

    I actually think 90 days is far too long for a security hole that allows access to a machine and its data, I would prefer a fixed 30 day deadline with NO wiggle room and realistically even that is quite long

    Imagine an antivirus program that said its "target" for updates in response to any new threat was 90 days give or take a few weeks, who would buy it?

    1. LDS Silver badge

      Re: Posturing?

      Operating systems aren't a phone app. Apple took eight months to fix fully its task switch issue. Rush out a patch, and a lot of applications may stop working. Some fix may not be just flipping a few bytes, they could need deep rewrites of critical functions. Imposing draconian deadlines to *others* would just create more havoc than what it tries to solve.

    2. Captain Badmouth
      Windows

      Re: Posturing?

      "Imagine an antivirus program that said its "target" for updates in response to any new threat was 90 days give or take a few weeks..."

      That's the one you get when you buy a windows pc from one of the major suppliers.

      "Are you sure you want to uninstall McAfee,,,?

  22. mhenriday
    Boffin

    A tourist brochure for Reggio d'Emilia ?

    «Microsoft flips Google the bird after Windows kernel bug blurt» Strikes me rather as more like a pilgrimage to Canossa, with a modicum of spin from the PR department....

    Henri

  23. Morrie Wyatt
    Holmes

    Microsoft flipping Google the bird?

    Why not, with Windows Vista, 8, 8.1 and 10 they have done precisely this to their <cough> Customers.

    Why would they treat Google any differently?

  24. Trevor_Pott Gold badge

    Terry Myerson: "boo hoo hoo"

    Who gives a rat fuck what Endpoint Antichrist thinks? He is the most customer hostile non-Oracle executive on the planet!

  25. Mark Dowling

    If the bug was Apple's

    Would "senior leadership" have told P0 to grant a "flexible extension"?

  26. Grunchy

    Story is incomplete

    Wait a minute, you didn't explain how I can use this to turn into an international super-hacker?

    How does the vulnerability work. How do I do it.

    1. bombastic bob Silver badge
      Devil

      Re: Story is incomplete

      "How does the vulnerability work. How do I do it."

      find a copy of 'ValuHack' - that will help! I heard it's out there on sourceforge, maybe...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019