Two more serious Windows flaws revealed by Google

Google's Project Zero just embarrassed Microsoft yet again. Project Zero is a security initiative built to fight hackers who take advantage of "zero-day exploits." A zero-day exploit is simply any newly discovered security flaw or bug that software developers haven't had time to fix.

Developers at companies like Microsoft and Google are constantly working to track down and patch holes in their programs' security. That's why zero-day exploits are so scary: there's no knowing how long hackers have known about them before they get fixed. Remember Heartbleed? That was a zero-day bug that we know had been exploited prior to the fix becoming available.

But back to Google's Project Zero. Any bug found under the Project Zero umbrella is reported to the company that it affects. The company then has 90 days to fix the bug before Project Zero announces it publicly.

Google already released one zero-day exploit before Microsoft had a chance to fix it. The resulting sniping between the two companies was funny to watch.

Microsoft called Project Zero's approach "gotcha" tactics, and Google denied the claims.

Now, Microsoft is under the gun again. Google has just revealed two dangerous exploits against Microsoft's operating systems.

The first of the two vulnerabilities exposed by Project Zero is a method for bypassing an "impersonation check." Impersonation checks are built to stop hackers from figuring out how to fool your computer.

Microsoft plans to patch the exploit in early February. That means that hackers could use this exploit right up until the moment it's patched.

Luckily, this exploit would take so much effort to use that hackers probably won't be able to pull it off.

The other bug revealed is an exploit that allows hackers to discover a computer's power settings without administrator privileges. Microsoft didn't believe this bug to be worth the effort.

Essentially, Microsoft's security team will get to this bug when they get to it.

Look out for my Patch Tuesday coverage. I'll announce when both of these fixes are released.

Source: ThreatPost
