Google's security researchers regularly try to discover vulnerabilities in the company's own software products, as well as in those developed by other firms, such as Microsoft and Apple. These efforts are part of Google's Project Zero initiative, through which it informs other companies about vulnerabilities present in their software products and allows them 90 days to fix the issue before details are publicly disclosed.
Back in November 2016, Project Zero revealed a "particularly serious" security flaw in Windows 10 just ten days after detailing it to Microsoft, a move for which it received lots of backlash. It disclosed yet another vulnerability in Windows soon after, though this time only after its standard 90-day deadline had passed. Now, a Google security researcher has discovered what he terms a "crazy bad" exploit in Windows which has the capacity to spread easily.
Tavis Ormandy, a security researcher at Google, has tweeted the following:
I think @natashenka and I just discovered the worst Windows remote code exec in recent memory. This is crazy bad. Report on the way.
— Tavis Ormandy (@taviso) May 6, 2017