Skip to Content

Microsoft Scrambles to Fix ‘Crazy Bad’ Bug

Microsoft has updated its malware protection after two Google employees discovered what they described as “the worst Windows remote code exec in recent memory.”

According to a Microsoft security statement released after the revelation, a hacker who successfully exploited the vulnerability could “take control of the system.” The attacker would have the ability to install programs, view, amend or delete data and even create new accounts “with full user rights.” Vulnerability researcher Tavis Ormandy, who co-discovered the bug, tweeted Saturday that it was “crazy bad.”

In response to the news about Windows’ vulnerability, the Microsoft Security Response Center released a malware protection engine update to counteract the problem within days. Ormandy tweeted that it was “an amazing response,” adding: “That was incredible work.”

He later tweeted that he was “still blown away” at the speed at which Microsoft (MSFT) dealt with the problem.