Google beat Microsoft to the punch this week when it published a Windows security vulnerability before Microsoft fixed it. The bug allows lower-level users on Windows 8.1 systems to make themselves system administrators, giving them access to server settings without prior approval.

Google publicized the bug as part of Project Zero, which tracks software flaws and reports them to vendors. Those vendors then get 90 days to fix problems before Project Zero publishes the bug along with code that can be used to exploit it.

Google first notified Microsoft of the bug on Sept. 30, 2014, Engadget reports. Microsoft says it’s still working on a security update, but it also sought to downplay concerns that hackers could use the bug to do serious damage in the meanwhile.

“It is important to note that for a would-be attacker to potentially exploit a system, they would first need to have valid logon credentials and be able to log on locally to a targeted machine,” Microsoft said in a statement.

All this might sound like Google is picking on a rival company’s software. However, Google says the intent of Project Zero is to encourage software vendors to secure their products quickly — before hackers find the flaws first.

“By removing the ability of a vendor to withhold the details of security issues indefinitely, we give users the opportunity to react to vulnerabilities in a timely manner, and to exercise their power as a customer to request an expedited vendor response,” Google said.

[Engadget]

The Leadership Brief. Conversations with the most influential leaders in business and tech. Please enter a valid email address. Sign Up Now Check the box if you do not wish to receive promotional offers via email from TIME. You can unsubscribe at any time. By signing up you are agreeing to our Terms of Use and Privacy Policy . This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. Thank you! For your security, we've sent a confirmation email to the address you entered. Click the link to confirm your subscription and begin receiving our newsletters. If you don't get the confirmation within 10 minutes, please check your spam folder.

Contact us at letters@time.com.