Microsoft has been attacked by Google's Project Zero security unit after the software giant had to pull its monthly Patch Tuesday last week.
The patches were expected to deliver security fixes for a long-running series of flaws that Microsoft claimed had been patched last year, but which Google's Project Zero claimed hadn't been properly fixed.
Microsoft pulled its February Patch Tuesday at the eleventh hour last week, claiming that one of the bug fixes might cause problems on some systems.
Google claims that it has uncovered multiple bugs affecting the Windows Graphics Component GDI library (gdi32.dll), which the company suggests could be used by an attacker to use EMF meta-files to access memory and, hence, to spill data.
While Microsoft issued a Security Bulletin (MS16-074) and patches to excise the bug back in June 2016, Google's Mateusz Jurczyk suggested that the Bulletin didn't fully fix the problem and described new exploits he had developed back in November, when Microsoft was also informed.
Jurczyk provided a detailed explanation of the security flaws on the Project Zero bulletin board. However, because no fix was forthcoming within the strict three-month deadline, Google published details of the security flaws over the weekend.
Indeed, Google's Project Zero has a no-ifs, no-buts policy of disclosing vulnerabilities within 90 days of reporting them to the vendor: "This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public," warns Project Zero
It is not the first time that Google has embarrassed Microsoft over security patches. In 2015, Project Zero twice went public on flaws in Windows, with Microsoft reportedly "begging" for more time to fix the second one after flunking the deadline on the first.
The very shaming of Microsoft helped encourage it to issue a mega-patch the next month.
Microsoft's decision to roll-up all patches into one mega-patch - making it all the easier to wrap-up unwanted updates into necessary security updates - may also have meant that the whole patch release had to be postponed when late problems were found with one of the patches.
Much of today's AI is narrowly focused on specific tasks - a far cry from the general AI envisioned by the early pioneers
US space agency believes the crater could have preserved ancient organic molecules from the water that flowed there billions of years ago
Valve quietly closes down hardware initiatives launched following Windows 8
Scientists create a virtual reality simulation of a black hole sitting at the centre of the Milky Way
Simulations like this can help people understand complicated systems in the universe in a better way