GOOGLE PROJECT ZERO RESEARCHER Tavis Ormandy has discovered a critical remote code execution (RCE) vulnerability in Windows.
The researcher has not given any details of the Windows RCE vulnerability because Google gives all vendors a 90-day security disclosure deadline to patch their products before it discloses vulnerabilities to the public. Ormandy has explained that the RCE exploit they created works against default Windows installations, and that the attacker does not need to be on the same LAN (local area network) as the victim. He also said that the attack is capable of spreading itself.
What is RCE (Remote Code Execution)?
“In computer security, ‘arbitrary code execution’ is used to describe an attacker’s ability to execute any command of the attacker’s choice on a target machine or in a target process. … It is the most powerful effect a bug can have because it allows an attacker to completely take over the vulnerable process.”
This is not the first time Google’s security researchers have discovered security issues in Microsoft’s products. In the past, Google researchers disclosed the details of many Windows vulnerabilities after the 90-day deadline.
Microsoft has not yet responded about this bug, but you should apply Windows patches from Microsoft when they become available.