Microsoft today rolled out this month’s Patch Tuesday updates, but the company has apparently ignored a critical Windows 7 and 8 flaw reported by a Google engineer a few weeks ago.

Tavis Ormandy, currently working as Information Security Engineer at Google, tried to get in touch with Microsoft to report a security issue in the company’s two newest operating systems that could basically allow an attacker to take control of an unpatched computer.

It turned out that Microsoft “treats vulnerability researchers with great hostility,” as he explained in late May, so the Google engineer decided to make the security flaw public.

“The 0-day vulnerability allows an attacker already on the machine to gain admin privileges, and we can assume that the underground is working to make that vulnerability part of their arsenal. The vulnerability should be addressed next Patch Tuesday unless wider exploitation in the wild is detected.”

Microsoft did, however, release five security bulletins, one of which was marked as “critical” and is meant to address security flaws found in Internet Explorer. All versions of the browser got patched today, regardless of the Windows version they’re running on.

In addition, both Windows and Office received new patches, so make sure you install the available updates as soon as possible.
Microsoft Ignores Windows Vulnerability Found by Google Engineer