Google disclosed Vulnerability-related.DiscoverVulnerability a flaw in Microsoft Edge earlier this week , after Microsoft failed to patch Vulnerability-related.PatchVulnerability the bug in time . Now Google ’ s Project Zero team of security researchers are disclosing Vulnerability-related.DiscoverVulnerability yet another Windows 10 security flaw that Microsoft has again failed to patch Vulnerability-related.PatchVulnerability before Google ’ s imposed 90-day period . Neowin spotted that Google reported Vulnerability-related.DiscoverVulnerability two bugs to Microsoft in November , but the company only addressed Vulnerability-related.PatchVulnerability one of them with its recent Patch Tuesday fixes . The latest unpatched issue is an Elevation of Privilege which allows a normal user to gain administrator privileges on a system . Microsoft has rated Vulnerability-related.DiscoverVulnerability the flaw as “ important , ” but not “ critical ” as it can ’ t be exploited Vulnerability-related.DiscoverVulnerability remotely . It ’ s still an important issue to fix Vulnerability-related.PatchVulnerability , as an attacker could potentially combine this with a separate unknown remote code execution to gain administrator access , although that ’ s an unlikely scenario unless Microsoft doesn ’ t address Vulnerability-related.PatchVulnerability it promptly . It ’ s not clear when Microsoft intends to address Vulnerability-related.PatchVulnerability the latest security flaw in Windows 10 , and the company still needs to solve Vulnerability-related.PatchVulnerability the Edge vulnerability that was disclosed Vulnerability-related.DiscoverVulnerability by Google earlier this week . Microsoft hit back at Google ’ s approach to security patches last year , after discovering Vulnerability-related.DiscoverVulnerability a Chrome flaw and “responsibly” disclosed Vulnerability-related.DiscoverVulnerability it to Google so the company had enough time to patch Vulnerability-related.PatchVulnerability . Google ’ s policy to disclose after 90 days without a patch is often criticized and applauded in equal measure . There ’ s plenty of evidence to suggest security vulnerabilities are increasing in Windows and across the industry , and Microsoft has clearly struggled to fix Vulnerability-related.PatchVulnerability these two issues with plenty of notice . It can also be argued that Google is making rival software more secure with its efforts , making everyone ’ s software secure . However , Google also has competitive commercial interests , and Project Zero has been unusually aggressive in finding and publishing new vulnerabilities . Reports suggest Google ’ s Project Zero security team originated from the fallout around the 2009 Google hack , an intrusion blamed on an unpatched flaw in Microsoft ’ s Internet Explorer 6 browser . Google makes exceptions to its strict rules , with grace periods , and can even disclose Vulnerability-related.DiscoverVulnerability much sooner if the vulnerability is being actively exploited Vulnerability-related.DiscoverVulnerability . Google disclosed Vulnerability-related.DiscoverVulnerability a major Windows bug back in 2016 just 10 days after reporting Vulnerability-related.DiscoverVulnerability it to Microsoft , and the company has revealed Vulnerability-related.DiscoverVulnerability zero-day bugs in Windows in the past before patches are available Vulnerability-related.PatchVulnerability .