bjoernvold.com

Google has found a weakness in Windows 10 and has informed Microsoft about it.

Google gives everybody a 10 day window to fix vulnerabilities before they go public and this is to fast for Microsoft that have not even addressed the issue publicly yet.

This struggle between Microsoft and Google is not new and does create some hostility.

From the outside it is hard to see that Google pointing out weaknesses in Microsoft OS with a 10 day fix window, is unfair.

There are options like making Windows 10 without errors or discovering those before Google does it....

The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability.

More here

MS does not have the Linux community model; therefore, reacting to some like that it will take a long time.

In a secomd thought... if the vulnerability is fixed, most IT Security personnel will be out of the job. Is that what John MacAffee was selling? Fear to the masses and here how I can protect you!