‘Google security researchers have found the worst Windows remote code exec in recent memory’

Posted 08 May 2017 17:39 CEST by Jan Willem Aldershoff

Two Google security researchers have found a very critical leak in Windows that allows attackers to remotely execute code on the affected system. The vulnerability was discovered by Natalie Silvanovich and Tavis Ormandy from Google’s Project Zero, a team of hackers that tries to find vulnerabilities in widely used software in order to protect internet users.

Ormandy tweets that the vulnerability is, “the worst Windows remote code exec in recent memory. This is crazy bad”. In another tweet he added, “attack works against a default install, don’t need to be on the same LAN, and it’s wormable.”

While Ormandy and Silvanovich don’t provide many more details, they have announced to release a report with details later. This will likely be in about 3 months, as it’s Google policy to give software vendors a 90 day security disclosure deadline to patch their products and disclose it to the public.

Earlier this year Google’s Project Zero also disclosed unpatched vulnerabilities in Windows.



Myce.com settings

Several settings at Myce.com can be changed, they are stored in cookies, which means they will be reset if you clear Myce.com cookies

Background

Change the background to a plain color or trianglified image (similar to the default image)

No tracking features

At Myce most social media feature are done server side and impose no privacy risk to the visitor when not used. Several features use Javascript with you can turn off here

Layout

Switch to the List layout for an index with chronologycally listed news items or Grid layout for a block based layout. To see the change you need to reload the page

×