Hackers 'actively exploiting' security flaw in Microsoft Windows, Google warns

Google has exposed a security flaw in Microsoft Windows, warning that it is already being "actively exploited" by hackers. 

The internet giant said in a post on its security blog that it informed Microsoft of the weakness in the kernel or core of the Windows operating system on October 21, but a fix is yet to be released. 

The bug can be used to escape what are known as security sandboxes, which are designed to isolate malicious code. 

However, the declaration has angered Microsoft, which says Google could endanger Windows users by revealing the vulnerability before an update to fix the problem has been issued. 

"We believe in co-ordinated vulnerability disclosure, and today's disclosure by Google could put customers at potential risk," the Windows developer said in a statement.

"Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible.

"We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection."

Google said the flaw is "particularly serious because we know it is being actively exploited". Under its bug disclosure policy on actively exploited flaws, it waits only seven days before going public with its findings, rather than the normal 60 days. Google said it did this to "protect users".

Google also revealed it had discovered a bug in Adobe's Flash software, although Adobe issued a fix for the problem on October 26. 

"We encourage users to verify that auto-updates have already updated Flash - and to manually update if not - and to apply Windows patches from Microsoft when they become available for the Windows vulnerability," Google's Threat Analysis Group said.