Microsoft Attacks Google Over Security Disclosures
Microsoft has chosen a blog post to protest after Google disclosed details of another Windows flaw over the weekend. Microsoft Security Response Center senior director Chris Betz said that companies should follow coordinated disclosure of newly discovered software vulnerabilities rather than public disclosures that "feel less like principles and more like a 'gotcha', with customers the ones who may suffer as a result."
"What’s right for Google is not always right for customers. We urge Google to make protection of customers our collective primary goal," Betz wrote in the blog post.
The subject of Microsoft's response is the long-running feud between Google and Microsoft over the handling of zero-day flaws. Google researchers such as Tavis Ormandy have repeatedly found zero-day bugs in Windows and reported them to Microsoft. Under the policy of Google's Project Zero team, if no patch is forthcoming within a pre-determined period (90 days), the bug report is made public, whether or not the vendor has shipped a fix.
The latest instances concern two zero-day bugs, both reported by Google Project Zero researcher James Forshaw. Forshaw reported the NtApphelpCacheControl privilege-escalation bug in Windows 8.1 on Sept. 30.
"This bug is subject to a 90 day disclosure deadline. If 90 days elapse without a broadly available patch, then the bug report will automatically become visible to the public," Google had warned.
Microsoft plans to publish a fix this week as part of its regular security update, known in the industry as "Patch Tuesday."
The second bug, a privilege escalation involving the Windows User Profile Service, was reported on Oct. 13. It, too, carried a 90-day disclosure deadline.
"Ultimately, vulnerability collaboration between researchers and vendors is about limiting the field of opportunity so customers and their data are better protected against cyberattacks. Those in favor of full, public disclosure believe that this method pushes software vendors to fix vulnerabilities more quickly and makes customers develop and take actions to protect themselves. We disagree. Releasing information absent context or a stated path to further protections, unduly pressures an already complicated technical environment. It is necessary to fully assess the potential vulnerability, design and evaluate against the broader threat landscape, and issue a "fix" before it is disclosed to the public, including those who would use the vulnerability to orchestrate an attack. We are in this latter camp," Microsoft's Betz wrote.