Windows 8.1 allows low-level users to gain administrator privileges. It has been 90 days since Google found the security issue, however there is still no fix from Microsoft.
This security hole was found as part of Google’s Project Zero initiative, which finds weaknesses in software in hopes that the developers can create solutions before hackers can take advantage of them. Microsoft was made aware of the flaw on September 30th, but they have not been able to resolve it.
While many criticize Google for releasing this information, “Project zero believes that disclosure deadlines are currently the optimal approach for user security – it allows software vendors a fair and reasonable length of time to exercise their vulnerability management process, while also respecting the rights of users to learn and understand the risks they face,” Google told Engadget web magazine.
Most users should know that the would-be attackers need valid login credentials and access to the machine. Meaning, this is not a big concern for home users, however, business owners and IT workers should stay alert for the next software update.