Project Zero discovers “worst known vulnerability” in Windows

Project Zero Windows

Security when dealing with different systems and applications is a topic of great concern to users around the world. As security is where all our private and important information comes into play. So what if it falls into unwanted hands and the problems that this could entail, all of this fall under this particularly crucial topic.

Well, two of today’s major technology companies, such as Microsoft and Google, pay special attention to everything related to these tasks. At times more than we would like them too but there are important vulnerabilities in their services and applications, such as the case that concerns us. In fact Google security experts have recently discovered a new vulnerability without patches that is currently in the Windows operating system of Microsoft, something that seems really dangerous.

We talk about Project Zero researchers, Tavis Ormandy and Natalie Silvanovich, who have announced this weekend that they have found themselves with what could be considered the “worst vulnerability” discovered in a long time, obviously without providing too much detail in this regard. They warn to avoid unnecessary risks. They specifically refer to one of the most dangerous Windows remote codes of recent years.

Without going too deeply into the subject, they refer to a worm-like attack that works with any system installation and does not need to be on the same LAN to go live. At the moment the Redmond firm has not yet made any statements on the matter, but the company has received a margin of 90 days to develop a patch and would correct this vulnerability. In the event that no patch is published within the next 3 months from now, the two researchers will publish the details of the patch on the Web, all based on the internal policy of the Google Project Zero program, as has already happened on other occasions in the past.

Other errors detected by Google in Microsoft software

To say that this is not the first vulnerability discovered by Google security researchers in Microsoft products would be an understatement. Recently, as many of you know, the company has been subject to a public disclosure like the one just mentioned, after not having a patch for an issue. However it was able to provide a patch within 90 days after being notified of the security breach. The most recent case occurred in February, when Google investigators revealed details of such a bug that affected browsers at the Redmond firm.

If we refer to the discovery made this very weekend and keep in mind that the next Patch Tuesday will be held tomorrow, so there is a remote opportunity for the correction to be available, but we will have to wait and see as to what happens. Otherwise, Microsoft users would get a fix for this vulnerability in June, so this would mean that they would be unprotected for more than a month.


Please enter your comment!
Please enter your name here