Microsoft on Sunday criticized Google for disclosing a Windows 8.1 bug two days before it was scheduled to launch a fix.

According to Google's Project Zero real-time bug tracker, the search giant will publicize flaws 90 days after reporting them to the affected company.

So when Redmond was warned on Oct. 13 about a Windows 8.1 bug, it asked Google to keep all details mum until Microsoft could deliver a fix on Jan. 13 as part of its regular Patch Tuesday.

Instead, Google released details about the flaw—and the code needed to take advantage of the exploit—on Jan. 11.

"Specifically, we asked Google to work with us to protect customers by withholding details until … we will be releasing a fix," Microsoft Security Response Center Director Chris Betz wrote in a blog post.

"[T]his is a time for security researchers and software companies to come together," he continued, "not stand divided over important protection strategies, such as the disclosure of vulnerabilities and the remediation of them."

The software maker follows the practice of Coordinated Vulnerability Disclosure (CVD), which calls on finders to report flaws directly to vendors of the affected product, in an effort to "limit the field of opportunity so customers and their data are better protected," Betz said.

Google's decision, though keeping with its timeline for disclosure, "feels less like principles and more like a 'gotcha,'" Betz wrote, adding that customers may suffer as a result.

"What's right for Google is not always right for customers," he said. "We urge Google to make protection of customers our collective primary goal."

PC Magazine