Google Project Zero’s researchers have discovered another critical remote code execution vulnerability in Microsoft’s Windows, and it seems something truly bad!
UPDATE
Microsoft immediately releases a fix, and ProjectZero releases vulnerability details:
During the weekend, the Project Zero’s researchers Tavis Ormandy and Natalie Silvanovich announced that they have discovered
“the worst Windows remote code execution vulnerability in recent memory”
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 🔥🔥🔥
— Tavis Ormandy (@taviso) May 6, 2017
Attack works against a default install, don't need to be on the same LAN, and it's wormable. 🔥
— Tavis Ormandy (@taviso) May 6, 2017
The researchers did not provide any further details, as Google gives a 90-day security disclosure deadline to all software vendors to patch their products and disclose it to the public.
I will update the post as soon as more information is available …
Stay tuned!