Microsoft was notified over 90 days ago about a vulnerability that would allow a user with local credentials to elevate their rights to that of admin. Google’s Project Zero policy is to give 90 day for the vendor to fix the issue then disclose it to the public. Wether fixed or not.
I approve of this practice. 90 days is ample time for a fix. The more time a system is vulnerable the more likely someone will exploit it.Google posts Windows 8.1 vulnerability before Microsoft can patch it.
Trackback from your site.