Joe Belfiore discussing windows 8.1 update
Joe Belfiore, vice president of the operating system group at Microsoft, holds a mobile phone featuring the new Windows 8.1 operating system during the company's "build" conference in San Francisco, California April 2, 2014. REUTERS/Robert Galbraith

Google's security research team is now under fire for disclosing information on Windows 8.1 problems or vulnerabilities. The release of details came before Microsoft published a patch.

"The bad guys don't need to be spoon-fed that stuff," CSO quotes Sophos adviser John Shier. According to the report, the security team under Google's Project Zero found the flaw last September and reported it to Microsoft. The vulnerability allows programs to run under administrator privileges even without permission.

According to E-week, there are now concerns whether the move to disclose the matter publicly was a good move on Google's part. Called the "zero-day" visibility, details about the problem first went public last Dec. 30.

On Google's part, the company did send a warning note to Microsoft. "This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public," went the warning note.

However, the time allotted elapsed, thus the public reporting of the bug. Shier recognised Google's efforts, saying the company gave Microsoft enough time to address the vulnerability. Likewise, the 90-day release warning has been a practice. According to Shier, this allows vendors to prioritise to address issues as soon as possible rather than later.

On Microsoft's part, while the company did not deny the problem, it has been downplaying the gravity of the vulnerability. A Microsoft spokesperson said in an email statement that the company has been working on a security update to solve the privilege-escalation flaw.

The spokesperson said for would-be attackers to exploit a system, they would have to have valid log-on credentials and be able to locally log on to a targeted machine. The representative also added the company encourages customers to update their anti-virus software constantly. More importantly, all available security updates should be installed and firewall enabled.

For feedback on this article, please email writer at p.silva@ibtimes.com.au.