Google finds a “crazy bad” Windows exploit, demands fix in 90 days or else

1 min. read

Published on May 8, 2017

published on May 8, 2017

Readers help support Windows Report. We may get a commission if you buy through our links.

Google has been making it a habit of setting a fire under Microsoft’s security team. Often, its Project Zero researchers will find issues and report them to Microsoft to repair. If a fix doesn’t go up within a time limit, the vulnerabilities will be published in a public report. Today, Travis Ormandy announced on Twitter that Google has found “the worst” so far (via Hacker News.)

Ormandy didn’t divulge much more information about the Windows remote code execution besides that it is “crazy bad”, potentially spelling trouble for Microsoft. He continued to explain that attacks against the vulnerability worked against the default install, didn’t need to be on the same LAN, and it’s wormable meaning it can spread. His tweets also came with some complimentary fire emojis, just in case readers weren’t worried enough.

Attack works against a default install, don't need to be on the same LAN, and it's wormable. ????

— Tavis Ormandy (@taviso) May 6, 2017

Once the report is sent to the tech giant, they will be given a 90-day leniency to correct the issue before Google goes public and it becomes an even bigger problem.

Radu Tyrsina

Radu Tyrsina has been a Windows fan ever since he got his first PC, a Pentium III (a monster at that time). For most of the kids of his age, the Internet was an amazing way to play and communicate with others, but he was deeply impressed by the flow of information and how easily you can find anything on the web. Prior to founding Windows Report, this particular curiosity about digital content enabled him to grow a number of sites that helped hundreds of millions reach faster the answer they're looking for.