What is Google Project Team ?

Google Vs Microsoft







"We asked Google to work with us to protect customers by withholding details until Tuesday, January 13, when we will be releasing a fix," said Betz, "Although following through keeps to Google’s announced timeline for disclosure, the decision feels less like principles and more like a ‘gotcha’, with customers the ones who may suffer as a result." Technical Details of second Vulnerability

Project Zero team have wrote that when a users log into a computer the User Profile Service is used to create certain directories and mount the user hives. So rather than loading the hives Google team recommend to create a base profile directory under Privilege account to be secure as normal users requires administrator privileges to do so.

"However there seems to be a bug in the way it handles impersonation, the first few resources in the profile get created under the user’s token, but this changes to impersonating Local System part of the way through. Any resources created while impersonating Local System might be exploitable to elevate privilege. Note that this occurs everytime the user logs in to their account, it isn't something that only happens during the initial provisioning of the local profile."- Google team wrote. In the blogpost senior director with Microsoft’s Security Response Center Chris Betz, wrote -Project Zero team have wrote that when a users log into a computer the User Profile Service is used to create certain directories and mount the user hives. So rather than loading the hives Google team recommend to create a base profile directory under Privilege account to be secure as normal users requires administrator privileges to do so."However there seems to be a bug in the way it handles impersonation, the first few resources in the profile get created under the user’s token, but this changes to impersonating Local System part of the way through. Any resources created while impersonating Local System might be exploitable to elevate privilege. Note that this occurs everytime the user logs in to their account, it isn't something that only happens during the initial provisioning of the local profile."- Google team wrote.









Earlier this monthhave disclose the critical vulnerability on Windows 8.1 operating system and team have make it public before the software giants patched the vulnerability and leaves millions of users under threats.Now once again. Team have disclose all the technical details of the bug before it get patched by Microsoft, following its 90-day public disclosure deadline policy.Google Project Team is a new team with the Top Security Researcher that will research on the security threats, finding vulnerabilities and also other security threats., who is the one to lead the Project Zero team.At the time, Microsoft criticized Google for disclosing the Windows 8.1 security flaw out in the public just before it was planing to fix it. According to Microsoft, the Windows 8.1 vulnerability disclosed by Google may have potentially exposed the users of the operating system to hackers.As Microsoft had announced to fixed the bug of Windows 8.1 but after the announcement Google team had released another bug details following its 90-day public disclosure deadline policy.In November, Microsoft asked Google for an extension of the deadline till February 2015, when it plans to address the issue. However, the search engine giant refused. But later when Microsoft promised to address the vulnerability in January Patch Tuesday, Google still refused to extend its deadline even by two days.