The serious issue wasn’t disclosed to the public and prompted Microsoft to fix it within hours.
Google’s security experts, Tavis Ormandy and Natalie Silvanovich, have discovered an extremely dangerous bug in the Windows OS ecosystem. The exact issue hasn’t been revealed to the public citing security concerns. However, Google’s warning to Microsoft worked instantly.
According to a Twitter post, Tavis Ormandy stated, “I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way.” It was followed by another tweet stating, “Attack works against a default install, don't need to be on the same LAN, and it's wormable.”
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way. 🔥🔥🔥— Tavis Ormandy (@taviso) May 6, 2017
According to Softpedia, Microsoft was given a period of 90 days to fix the issue, post which the details of the bug was said to be made public. However, Microsoft acted fast and released a security patch to the Windows Defender in Windows 10 as a Windows security update. Microsoft humbly listed the problem on their site, stating that the patch addresses a vulnerability that could allow remote code execution if the Microsoft Malware Protection Engine scans a specially crafted file. An attacker who successfully exploited this vulnerability could execute arbitrary code in the security context of the LocalSystem account and take control of the system.
Microsoft’s immediate response was appreciated by critics and IT experts alike. However, Google’s research team had showcased a bug regarding Microsoft browsers, which was fixed within a specified time.