Earlier this week, Google disclosed a security flaw in the Microsoft Edge web browser after the company didn’t patch the exploit in time. For the second time in a week, the company has disclosed an exploit in Windows 10 that Microsoft has not patched. Google has done the same thing today, its Project Zero team of security researchers has disclosed a security flaw in Windows 10 that Microsoft didn’t patch in the 90 day period that Google imposes for fixes.
Google reported two security flaws to Microsoft back in November last year but the company only patched one of them in its most recent Patch Tuesday release. The second one wasn’t patched and that’s the one that Google has now disclosed as the 90 day period is now up.
The security flaw that Google has disclosed now deals is an Elevation of Privilege which can enable a normal user to get administrator privileges on a system. Microsoft lists the flaw as “important” but not “critical” as it can’t be exploited remotely.
That doesn’t mean it’s not important to fix this exploit because an attacker could potentially use this exploit with an unknown remote code execution to get administrator access on a Windows 10 machine.
It can’t be said for sure right now how long it’s going to take Microsoft to issue a patch for this exploit. The company still hasn’t fixed the Microsoft Edge exploit that Google disclosed earlier this week.