Googles Project Zero Security Team once again exposed details of a vulnerability in Windows without Microsoft developing a patch for it. Google has estimated the severity of the leak “average.”
He reported the leak on January 19 to Microsoft, which informed him on February 12 that no patch would come in the monthly patchronde in April. Then it asked for postponement and said later that it would issue a patch with the release of Redstone 4. The researcher said that for that release no exact date is known and that the problem is not particularly serious because there are also other techniques that goal, which would not yet have been solved by Microsoft. Google has a deadline of 90 days.
This has previously led to the publication of Microsoft vulnerabilities without a patch. For example, last year and at the end of 2016 the same phenomenon occurred, Microsoft in the latter case with criticism responded . Google would have created a risk for users with the decision to publish.