[News] Google Project Zero Finds Windows Vulnerabilty, "Worst in Recent Memory"

[StyM]

https://www.techpowerup.com/233130/g...-recent-memory

Google's Project Zero has found yet another critical Windows Vulnerability, this time going so far as to call it "Crazy Bad" in a lone tweet by Google security researcher Tavis Ormandy. Tavis went on to elaborate that the vulnerability "works against a default install, [you] don't need to be on the same LAN, and it's wormable."

Sounds like the stuff of nightmares from a security perspective, right? The good news is Google's policy is to give companies 90 days to patch bugs like this before revealing the exploits details. The idea is to pressure developers to fix vulnerabilities before the reveal, so users remain protected and companies are forced to act rather than adopt a "wait and see" approach. Microsoft however, does not have the best follow-up reputation, having left at least two major security bugs unpatched for the entire 90-day security-flaw reveal window as recently as this year.

One would hope they are a little more expedient on this one, or we could see some massive computer software carnage, for lack of a better term.

UPDATE: This issue has been patched by Microsoft, and has been detailed to be a Remote Execution Vulnerability in Windows Defender. Needless to say, this is an update you don't want to miss. Microsoft should be praised for it's rapid response here.

[StyM]

Massive vulnerability in Windows Defender leaves most Windows PCs vulnerable

Microsoft Patches the "Crazy Bad" Windows Vulnerability