Microsoft has updated its malware protection after two Google employees discovered what they described as “the worst Windows remote code exec in recent memory.”
According to a Microsoft security statement released after the revelation, a hacker who successfully exploited the vulnerability could “take control of the system.” The attacker would have the ability to install programs, view, amend or delete data and even create new accounts “with full user rights.” Vulnerability researcher Tavis Ormandy, who co-discovered the bug, tweeted Saturday that it was “crazy bad.”
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 🔥🔥🔥
— Tavis Ormandy (@taviso) May 6, 2017
In response to the news about Windows’ vulnerability, the Microsoft Security Response Center released a malware protection engine update within days to counteract the problem. Ormandy tweeted that it was “an amazing response,” adding: “That was incredible work.”
Still blown away at how quickly @msftsecurity responded to protect users, can't give enough kudos. Amazing.
— Tavis Ormandy (@taviso) May 9, 2017
He later tweeted that he was “still blown away” at the speed at which Microsoft (MSFT) dealt with the problem.