The researchers from Google Project Zero have revealed a remote code execution bug in Microsoft Windows. The attacker doesn’t require any software to take the advantage of the serious bug. Microsoft is expected to fix the bug on May 9 Patch Tuesday release, followed by a detailed report by the researchers.
tweet from Google security researcher Tavis Ormandy surfaced a couple of days before Microsoft’s Patch Tuesday, scheduled for May 9. In his tweet made on May 6, Ormandy highlighted a Remote Code Execution bug in Microsoft Windows.
The critical vulnerability, described as “crazy bad”, was discovered by two Project Zero researchers Natalie Silvanovich and Tavis Ormandy.
Not many details were revealed in the initial tweet. However, Ormandy described a little more in a later tweet.
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way.
.@natashenka Attack works against a default install, don't need to be on the same LAN, and it's wormable.
According to him, the attack works on the default Windows installation, i.e., it doesn’t require any additional software. The attacker doesn’t have to be on the same LAN as the target machine. Also, the bug is “wormable” or self-replicating.
Ormandy mentioned in the tweet that a report will follow soon. And the revelation made near the Patch Tuesday escalates the speculations that Microsoft has prepared the fix for the remote code execution bug.
If you have something to add, drop your thoughts and feedback inside comment section below.
Comments
Post a Comment