Google publishes details of Windows bug after Microsoft 90-day Project Zero disclosure deadline

Google's Project Zero has proved controversial on several occasions already, with the search giant publicly revealing details of software bugs when companies fail to fix them. Now the project has unearthed a bug in Windows, and as Microsoft failed to patch it within 90 days of being notified, details of the flaw have been made available for everyone to see -- and exploit. A problem with the Windows Graphics Component GDI library (gdi32.dll) means that a hacker could use EMF metafiles to access memory and wreak all sorts of havoc. While Microsoft has issued Security Bulletin MS16-074, Google's Mateusz Jurczyk… [Continue Reading]