The worst Windows RCE exploit of all time is coming?
Google Project Zero’s researchers have discovered another critical remote code execution vulnerability in Microsoft’s Windows, and it seems something truly bad!
Microsoft immediately releases a fix, and ProjectZero releases vulnerability details:
“the worst Windows remote code execution vulnerability in recent memory”
Attack works against a default install, don't need to be on the same LAN, and it's wormable. 🔥
— Tavis Ormandy (@taviso) May 6, 2017
The researchers did not provide any further details, as Google gives a 90-day security disclosure deadline to all software vendors to patch their products and disclose it to the public.
I will update the post as soon as more information is available …